Cyber Security Checklist Template

Use this Cyber Security Checklist Template to evaluate your organization's security measures, covering areas like network protection, data privacy, and more.

Download as free PDF

Library
IT & Data Center
Cyber Security Checklist Template

Network Security

Access Control & User Management

Endpoint Protection

Data Protection & Privacy

Email & Communication Security

Physical Security

Incident Response & Recovery

Compliance & Auditing

Training & Awareness

Review & Sign-Off

Is this sample what you are looking for?
Sign up to use & customise this template, or create your own custom checklist:

Checklist by GoAudits.com – Please note that this checklist is intended as an example. We do not guarantee compliance with the laws applicable to your territory or industry. You should seek professional advice to determine how this checklist should be adapted to your workplace or jurisdiction.

Easy inspection app for your digital checklists

Conduct inspections anytime, anywhere - even offline
Capture photos as proof of compliance or areas needing attention
Instantly generate and share detailed reports after the inspections
Assign & track follow-up tasks, view historical trends on a centralized dashboard

Cyber Security Checklist Template

Use this Cyber Security Checklist Template to evaluate your organization's security measures, covering areas like network protection, data privacy, and more.

1. Are firewalls properly configured and actively monitored?

2. Is your Wi-Fi network secured with strong encryption (e.g, WPA3)?

3. Have you disabled unused network ports and protocols?

4. Are intrusion detection or prevention systems in place and regularly reviewed?

1. Are all user accounts assigned the principle of least privilege?

2. Do users use multi-factor authentication (MFA) for system access?

3. Are accounts for former employees or inactive users promptly deactivated?

4. Are password policies enforced (length, complexity, expiration)?

1. Is antivirus/anti-malware software installed and up to date on all devices?

2. Are company laptops and mobile devices encrypted and password-protected?

3. Are the USB or external devices restricted or monitored?

4. Are all systems patched regularly, including third-party applications?

1. Is sensitive or personal data encrypted in transit and at rest?

2. Are data retention and deletion policies clearly defined and enforced?

3. Are regular backups performed, stored securely, and tested for restoration?

4. Are privacy notices and consents in place for personal data collection?

1. Are employees trained to identify phishing and social engineering attempts?

2. Is spam and malicious content filtering active on all email accounts?

3. Is sensitive data prohibited from being shared via unsecured communication channels?

4. Are outbound emails scanned for data leaks or unauthorized attachments?

1. Are servers and network equipment housed in secure, access-controlled areas?

2. Is there a visitor log or badge system for access to sensitive zones?

3. Are laptops and removable media stored securely when not in use?

1. Is there a documented cyber incident response plan in place?

2. Are roles and responsibilities clearly defined in the event of a cyber incident?

3. Has the response plan been tested or simulated recently?

4. Are incidents logged, reported, and reviewed for future mitigation?

1. Are you compliant with relevant standards (e.g., GDPR, HIPAA, ISO 27001)?

2. Are regular cybersecurity audits or penetration tests conducted?

3. Is there a record of past breaches or near misses and lessons learned?

4. Are third-party vendors assessed for cybersecurity practices?

1. Have all staff received up-to-date cyber security awareness training?

2. Are policies on internet use, social media, and remote work clearly communicated?

3. Do employees know how to report a suspected breach or vulnerability?

1. When was the last full cybersecurity review conducted?

2. Who is responsible for maintaining cybersecurity compliance?

3. What corrective actions have been assigned and tracked?

4. When is the next cybersecurity audit scheduled?