Information Risk Self-Assessment

Additional Information

The IRM Self-Assessment Questionnaire will help you to understand the current state of your information security controls. The questionnaire is not "exhaustive" in either sense of the word: it is not necessarily a comprehensive treatment of all possible topics of importance, and you will not be exhausted after you finish it! However, it does cover most of the important things to consider, especially for organizations who do not yet have a mature information security program. The analysis of your answers, provided by the GOLD Crew, will help you to prioritize your efforts in improving your program, no matter where you currently stand.

As in any multiple-choice questionnaire for which there are no "correct" answers, there may be questions for which you feel that there is no reponse that exactly matches your organization. Try not to worry too much about that, and just pick whatever answer seems to be closest to your situation, even if it doesn't seem very close.

If you know the answers to all 22 questions "off the top of your head", you should be able to complete the questionnaire in less than 20 minutes. If you need to consult with other members of your organization to get the answers, it may take a bit longer.