BP 11122023 129pm - Flipbook - Page 89
#
3.1
3.2
3.3
3.4
3.5
IT Questionnaire Continued
3. SECURITY
Use of Firewall
3.1.1 Is there a managed (and updated) firewall in place at the office(s)? Please indicate
the name of the firewall used:
3.1.2 If using MSP, is this included in the contract of services?
Use of Anti-Virus Software
3.2.1 Are all of the workstations, servers, etc. protected by an updated antivirus
subscription? If yes, what antivirus product are you using?
3.2.2 If using MSP, is management of antivirus software included in the contract of
services?
Who has access to the main credentials (passwords; keys; rooms; etc.)?
Please indicate who has access & what they have access to:
- Church/mission/campus center/school employees:
- 3rd party support employees:
Are the workstations and/or laptops used for church/mission/campus center/school use
used only for business functions=?
If equipment is shared for use with personal data, personal e-mail and/or any nonbusiness information, please explain why:
Brief response:
Are USB drives, portable hard drives or any forms of removeable devices used to
transfer data on business workstations? If so, how are these devices tracked?
Note: The use of any portable devices is strongly discouraged as they can be used as a
vehicle to introduce malicious content onto a system.
Response:
3.6
3.7
Are your employees required to create strong passwords to access IT resources, such as
using a passphrase? See additional password strengths in IT Standards section below.
3.6.1 How often are users required to change their password?
3.6.2 Is multifactor authentication required for access to critical information, remote
access, and Administrator and privileged?
Has a phishing protocol been established?
3.7.1 Have employees and other church/mission/campus center/school personnel been
briefed and educated on phishing scams?
3.7.2 Do you subscribe to or utilize some type of Awareness Training such as KnowBe4
or PhishingBox?
89
Yes
No
