Title Page

  • Site

  • Date and Time of Inspection

  • Prepared by

  • Location

Management

  • Company security policies in place

  • Security policies written and enforced through training

  • Computer software and hardware asset list

  • Data classified by usage and sensitivity

  • Established chain of data ownership

Employees

  • Training on phishing, handling suspicious emails, and social engineering hackers

  • Password training and enforcement

  • Training on dealing with strangers in the workplace

  • Training on carrying data on laptops and other devices and ensuring the security of this data

  • All security awareness training passed and signed off, ensuring that all employees not only understand the importance of security but are active guardians of security

  • Bring Your Own Device (BYOD) plans are in place

Business practices

  • Emergency and cybersecurity response plans

  • Record of all possible sources of business disruption and cybersecurity risk

  • Plans in place to lessen business disruptions and security breaches

  • Emergency disaster recovery plans in place

  • Alternative locations for running business in case of emergencies or disruptions

  • Redundancy and restoration paths for all critical business operations

  • Test restoration and redundancy plans

IT staff

  • System hardening plans

  • Automated system hardening on all operating systems on servers, routers, workstations, and gateways

  • Software patch management automated

  • Check security mailing lists

  • Regular security audits and penetration testing

  • Anti-virus software installed on all devices with auto-updates

  • Systematic review of log files and backup logs to make sure there are no errors

  • Remote plans in place, as well as policies regarding remote access

Physical security

  • Lock servers and network equipment

  • Secured and remote backup solution

  • Keys for the network are in a secure location

  • All computers are visible

  • Use locks on computer cases

  • Perform regular inspections

  • Prevent unauthorized users from entering the server room or even the workstation areas

  • Security camera monitoring system

  • Keycard system required for secure areas

  • Secure Data Policy in place and ensure users understand the policy through training

  • Secure trash dumpsters and paper shredders to prevent dumpster diving

Secure data

  • Encryption enabled wherever required

  • Secure laptops, mobile devices, and storage devices

  • Enable automatic wiping of lost or stolen devices

  • Secure Sockets Layer (SSL) in place when using the Internet to ensure secure data transfers

  • Secure email gateways ensuring data is emailed securely

Active monitoring and testing

  • Regular monitoring of all aspects of security

  • Regularly scheduled security testing

  • External penetration testing to ensure your staff hasn’t missed something

  • Scanning for data types to make sure they are secure and properly stored

Completion

  • Observation

  • Full name and signature of IT Supervisor
