Information security is a process that should be prioritized in order to keep your company's private information just as it is: private. If your company's sensitive information isn't properly protected, it runs the potential of being breached and damaging the privacy and future of your company and employees.

Running an information security audit every six months allows you to take measures against any potential threats to your system and prepare for the worst.

Though it's nearly impossible to deflect every possible issue that may arise, it's definitely possible to protect your company's information from common threats by running a security audit regularly (key word: preventative risk management).

This is why we, at Process Street, created this information security checklist template, to provide an easy process you can follow every six months that will help mitigate any chance of misstep that could potentially leave your sensitive information compromised.

Evaluating risks:

Run security/risk audit

Your first step to running this Information Security Checklist should be to run a security/risk audit to evaluate and identify your company's existing security risks.

Use the form field below to note what your current risks are.

Implementing security measures:

Establish reliable physical security

Physical security is just as important as digital security.

Make sure your company building is physically protected by things like: access codes, building security, camera surveillance, locks, etc.

Establish employee policies for how to handle any computers and make sure all employees are informed.

Restrict user permissions

Limit your users' permissions to only what they absolutely need. 

When users have free reign, it runs the risk of misuse such as, downloading malware that can damage your system and risk the safety of your sensitive information.

Run regular security updates

Make sure to stay up-to-date with all of your computer's software security updates.

When vulnerabilities are found in software, most companies will include fixes to these bugs in their updates. Otherwise, it may leave your system open to compromise.

Use antivirus software

An important step of this checklist is using an antivirus software.

Computer viruses can range from mild to potentially very damaging and it's not worth taking the risk; especially given how easy it can be for your system to contract a virus.

Ensure computers and networks are protected by a firewall

Ensure that your network and computers are protected by a firewall. This will mean that your network and devices won't be able to be seen by anyone online.

Use strong passwords

Make sure your passwords are all difficult to guess.

They should: 

  • 1
    be at least six characters long
  • 2
    use both lowercase and capital letters
  • 3
    use a combination of letters, numbers and special characters such as <, } and ~. –
  • 4
    include misspelled words with special characters, such as “[email protected]&NoE1$#8”

Create regular backups of important data

Make sure you are regularly backing up all of your important data and store the backups at a location that isn't your company's location.

This will ensure not only that your sensitive information is kept safe from cyber threats, but also kept safe from any potential physical risks, such as a fire.

Encrypt client data

Ensure that all of your client information is encrypted and therefore kept safe from potential hackers.

Use an e-mail spam filter

Invest in an e-mail spam filtration service.

Emails run the risk of having attached viruses or spyware and can end up infecting your computer or system.

Prepare for emergency

Create a backup plan for moving forward with your business operations and bouncing back from an emergency if the worst were to happen.

Make sure to review and test this plan annually.

Approval: Final Approval (Manager)

Will be submitted for approval:
  • Run security/risk audit
    Will be submitted
  • Establish reliable physical security
    Will be submitted
  • Restrict user permissions
    Will be submitted
  • Run regular security updates
    Will be submitted
  • Use antivirus software
    Will be submitted
  • Ensure computers and networks are protected by a firewall
    Will be submitted
  • Use strong passwords
    Will be submitted
  • Create regular backups of important data
    Will be submitted
  • Encrypt client data
    Will be submitted
  • Use an e-mail spam filter
    Will be submitted
  • Prepare for emergency
    Will be submitted


Sign up for a FREE account and
search thousands of checklists in our library.

Sign up for a FREE account and search thousands of checklists in our library.