Page 1 of 16

Information Security Gap Analysis

Hey 👋,

We know that information security can feel overwhelming, especially when you're busy running a business. This questionnaire is designed to help us understand how your organisation currently handles security - and the good news is, you're probably doing more than you think!

We're not looking for perfect, formal policies or complex technical documentation. Instead, we want to understand your real-world processes - the things you actually do day-to-day to protect your business and customer data. Whether it's a simple email with instructions, a checklist you follow, or just "the way we've always done it," we want to hear about it.

Before you start, it might be helpful to gather a few people together or have a quick chat with different team members. You don't need to have all the answers yourself - security touches every part of a business, from how you hire people to how you deploy software.

What to prepare before starting:

- Have a chat with your technical team about how your systems work (development process, where data is stored, who has access to what)

- Check with HR or whoever handles hiring about your current processes for new starters and leavers

- Think about any existing policies, procedures, or documents you have - even informal ones like email templates or checklists

- Consider who in your team would be best placed to answer different types of questions (we've marked each question with suggestions)

- Don't worry about having "perfect" documentation - we're interested in what you actually do, not what you think you should be doing

This should take around 30-45 minutes to complete, and you can save and return to it if needed. Remember, this is about understanding your current state so we can help you build on what you already have.