You can upload any type of document that reflects your company’s cybersecurity maturity. Here are some examples of documents that can be provided (for illustration only):
Information Security Certifications: If your company has a cybersecurity certification (ISO 27001, ISO 22301, PCI DSS...) you should not only attach the diploma but the whole report showing the scope of the certificate as well as the controls audited (statement of Applicability -SoA- can be provided if your organization ISO 27001 certified).
Policies (Information Security policy, Data Privacy, Identity and Access management, Backup, Business Continuity…).
Procedures (Data classification, User access review procedure, Server hardening guidelines…)
Internal official documents (Employee Handbook, Information Security Awareness material, Organization chart...)
Reports (audit report, pentest report, user access review…)
Screenshots or proofs of implementations (password configuration screenshot, risk register sheet, CCTV screenshot, user management tool screenshot, log extraction…)
Technical document of deployment (Antivirus, Firewall, DLP, AntiDDoS...)
When completing your customized questionnaire, please keep in mind that you need to select all the security practices (answering options) that your organization has implemented as well as attach evidence for each of them. Each answering option which is unselected or selected with no attached evidence will generate an improvement action and bring 0 points to the total score, lowering it.
Following questionnaire submission we initiate our analysis process, therefore we cannot accept additional modifications or documents.