SecureMint

Information Security Self-Assessment

A 25-question checklist to visualize your organization's security posture.

Based on IPA (Japan) "5-Minute Information Security Self-Diagnosis"

This assessment is based on guidelines developed by Japan's Information-technology Promotion Agency (IPA) for small and medium-sized businesses. While the questions reflect Japanese regulatory context, the security principles are universally applicable.

Basic Measures

1. Do you keep OS and software on PCs and smartphones up to date?

2. Do you have antivirus software installed with up-to-date definitions?

3. Do you use long, complex passwords that are hard to crack?

Generate strong passwords with our tool

4. Do you restrict access to sensitive information appropriately?

Control file access with download limits & email verification

5. Do you have a system to learn about new threats and share countermeasures internally?

Employee Measures

6. Are you cautious about virus infections via email attachments and URL links?

7. Do you take measures to prevent sending emails/faxes to wrong recipients?

8. Do you put sensitive information in password-protected attachments rather than in the email body text?

Send files with E2E encryption

9. Do you use proper encryption settings for wireless LAN security?

10. Do you have measures against internet-based virus infections and social media risks?

11. Do you back up important data to prepare for virus infections, hardware failures, or accidental deletion?

Encrypt backup files for protection

12. Do you store documents and media containing sensitive information in locked cabinets instead of leaving them on desks?

13. Do you take theft/loss prevention measures when carrying sensitive documents or media outside?

Encrypt files before taking them outside

14. Do you lock your screen when leaving your desk to prevent unauthorized viewing or access?

15. Do you restrict office access to authorized personnel?

16. Do you lock away laptops and equipment when leaving the office?

17. Do you have measures to make sure the office is not left unlocked when it is unattended?

18. Do you ensure sensitive documents and media are destroyed beyond recovery when disposed of?

Remove metadata before disposal

Organizational Measures

19. Do employees understand confidentiality obligations and follow rules about not leaking business information?

20. Do you provide security education and awareness to employees?

21. Do you have clear security policies for personal devices used for work (BYOD)?

22. Do contracts with vendors handling sensitive information include confidentiality clauses?

23. Do you evaluate the security and reliability of external/cloud services before selecting them?

24. Do you have an incident response plan and procedures prepared for security incidents?

25. Do you have documented security policies that are communicated to all employees?

All answers are processed locally in your browser. Nothing is sent to any server.