
Security Assessment Questionnaires

Overview

A Security Assessment Questionnaire (SAQ) is a tool used by organizations to evaluate the security posture of their vendors, partners, or internal departments. It typically consists of a structured set of questions designed to assess how well the entity adheres to security policies, controls, and best practices, including data protection, access management, incident response, and compliance with relevant regulations. The goal of an SAQ is to identify potential security risks, gaps, or vulnerabilities before entering into business partnerships or adopting new services, ensuring that sensitive information remains protected.


Navigate to the Module:

  • Click on the menu icon to show all the different modules
  • Under Cyber Governance, click on Security Assessment Questionnaires 

How to Add a Questionnaire:

In the Security Assessment Questionnaires module, click Create Template to add a questionnaire.

For demonstration purposes, we will be using a sample questionnaire to fill in information on the SAQ.



Add Questionnaire Title:

To edit the title, click on the edit icon next to the title.


Once a title has been filled out, click on the save icon to save any changes.


Add Questionnaire Section:

To add a section, first add a section title: click on the section title icon and type in the title.

To save the section title, click Add Section.



Add Section Contents:

  • Question: This is where you write the question to be included in the assessment. The question typically aims to gather information regarding a specific security aspect, such as vendor policies, procedures, or technical safeguards. In a Security Assessment Questionnaire (SAQ), this could be anything like, "Do you have an incident response plan?" or "How do you handle data encryption?".

  • Type (Text Field/Yes or No/Multiple Choice): This dropdown allows you to select the format in which the respondent will provide their answer. In the SAQ context:

    • Text Field allows for open-ended responses, where the vendor or respondent can type their detailed answer.
    • Yes or No is a binary option, where the respondent chooses between Yes or No, often used for compliance-based questions like, "Are you ISO 27001 certified?".
    • Multiple Choice offers predefined options from which the respondent can select. This could be used for questions like, "Which security framework do you follow?" with options like ISO, NIST, SOC 2.

  • Input Response: This is where the respondent will provide their answer. For text fields, they type in their answer (such as describing their security measures), while for Yes/No or Multiple-Choice questions, they select from the available options.

  • Required: This toggle indicates whether answering the question is mandatory. If required, the respondent must provide an answer before moving to the next section.

For this example, we will add a sample question for the questionnaire.

To save the question in the section, click Add Question as shown in the figure above.


This saves the question and opens a blank question form so the user can add another question.


Add Multiple Sections:

To add multiple sections to a questionnaire, click on the section title field.

Type in the section title you want to add, then click the Add Section button.

The newly added section will be added to the table of contents and questions can be added to it.



How to Delete a Section:

If, for example, you accidentally create a section that you didn’t intend to, or if there is a typo when creating a section, you can easily remove it. Simply click the delete button next to the section, and it will be removed immediately. This allows you to quickly correct mistakes and maintain a clean, organized questionnaire.

In this example, a section called 'wasd' was created and we want to delete it. Simply click on the trash icon where the arrow is pointing to delete the section.


How to Save a Questionnaire:

Once all questions and sections of the questionnaire are complete, you can save your progress by clicking the green "Save" button, as shown in the figure above. This ensures all your changes are recorded and the questionnaire is ready for future use or distribution.

The newly created questionnaire will then be saved and shown on the Security Assessment Questionnaires Dashboard as shown above.


Types of Questions:

  • Text Field allows for open-ended responses, where the vendor or respondent can type their detailed answer.


  • Yes or No is a binary option, where the respondent chooses between Yes or No, often used for compliance-based questions like, "Are you ISO 27001 certified?".


  • Multiple Choice offers predefined options from which the respondent can select. This could be used for questions like, "Which security framework do you follow?" with options like ISO, NIST, SOC 2.


Conditional Questions:

For questions that have two parts, it's important to split them into two distinct questions for clarity and ease of response, as seen in the example below:


  • The main question, "Does the Company have any quality certificates?", is presented as a Yes or No type of question. This is straightforward, allowing the respondent to quickly choose one of the two options.

  • A follow-up question, "If yes, Specify:", is included to gather more information if the answer to the main question is 'Yes'. This is provided as a Text Field, where the respondent can input details about the certificates, if applicable.

This method ensures that respondents are not overwhelmed by unnecessary fields unless their answer requires additional input. The main question gathers high-level information, while the follow-up captures detailed specifics only when relevant.
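The following is an added example, not code from the product itself: it models a small SAQ template using the question types, Required toggle and conditional follow-up described in Add Section Contents and Conditional Questions above, and validates a vendor's responses against it. The dict layout, field names and the "depends_on" rule are assumptions made for illustration; the tool's real storage format is not shown on this page.

```python
# Added example (not the product's own code): a minimal SAQ template built
# from the question types on this page (Text Field, Yes or No, Multiple
# Choice), the Required toggle and a conditional follow-up question, plus
# a validator for a respondent's answers. The dict layout and field names
# ("id", "type", "depends_on") are assumptions for illustration only.

TEMPLATE = {
    "title": "Vendor Security Assessment",
    "sections": [
        {
            "title": "Certifications",
            "questions": [
                {"id": "q1", "text": "Does the Company have any quality certificates?",
                 "type": "yes_no", "required": True},
                # Follow-up is only mandatory when q1 was answered "Yes"
                {"id": "q2", "text": "If yes, Specify:", "type": "text",
                 "required": True, "depends_on": ("q1", "Yes")},
                {"id": "q3", "text": "Which security framework do you follow?",
                 "type": "multiple_choice", "required": True,
                 "options": ["ISO", "NIST", "SOC 2"]},
            ],
        }
    ],
}


def validate_responses(template, responses):
    """Return a list of problems; an empty list means the submission is complete."""
    problems = []
    for section in template["sections"]:
        for q in section["questions"]:
            # A conditional question is skipped unless its trigger answer was given
            trigger = q.get("depends_on")
            if trigger is not None and responses.get(trigger[0]) != trigger[1]:
                continue
            answer = responses.get(q["id"])
            if answer in (None, ""):
                if q["required"]:
                    problems.append(f"{q['id']}: required question not answered")
                continue
            # Type-specific checks mirror what each question type allows
            if q["type"] == "yes_no" and answer not in ("Yes", "No"):
                problems.append(f"{q['id']}: expected Yes or No, got {answer!r}")
            elif q["type"] == "multiple_choice" and answer not in q["options"]:
                problems.append(f"{q['id']}: {answer!r} is not one of {q['options']}")
            elif q["type"] == "text" and not isinstance(answer, str):
                problems.append(f"{q['id']}: free-text answer must be a string")
    return problems
```

Run against constructed responses, a "No" on the main question leaves the follow-up unchecked, while a "Yes" without the specification is reported as a missing required answer.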


If you need further assistance, kindly contact our support at info@cytechint.com for prompt assistance and guidance.