1. Background

To help you get the most out of using our handy security policy generator, we've summarised a list of the more technical questions that you should prepare in advance before starting the policy generator. This will just avoid you needing to stop and start as you work through the questionnaire. You can save a link to come back to the questionnaire later, but we think it's always easier to do it in one go. Once you have the answers to these questions, you login to your Apollo account and click on Policies, then Create Policies.

2. Questions

1. What system/s do you use for data logging?
‍
2. How long do you store event logs for?
‍
3. Please provide a couple of sentences to describe your Server Architecture (eg; AWS Microservices etc)
‍

4. What are your SLAs / recovery time objectives for each of the following IT functions?

1. Critical Functions (eg. 2 hours)
2. Necessary Functions (eg. 1 week)
3. Desirable Functions (eg. 1 month)
   

‍

5. Which type of server architecture best describes your organisation's setup?

1. On-premise servers
2. Cloud-based servers (e.g. AWS, Azure, Google Cloud)
3. Hybrid (a mix of on-premise and cloud)
4. Other (please specify)

‍

6. What high availability measures do you have in place?

1. We don’t have any system redundancy in place
2. Our critical servers have redundancy in place
3. All services have complete redundancy and run on at least two instances
4. Other (please specify)

‍

7. What is your organisation's backup strategy?

1. No regular backups are performed
2. We perform weekly backups of critical data
3. We perform daily backups of all data
4. We perform daily backups of all data and regularly test the recovery procedure
5. Other (please specify)

‍

8. Where are your backups stored?

1. No regular backups are performed
2. On the same server/s as the original data
3. On separate on-premise servers or storage devices
4. In a separate cloud-based backup solution
5. Offsite at a secure location
6. Other (please specify)

‍

9. Which remote access measures do you have in place?

1. We don’t have any remote access measures in place.
2. Some staff have remote access to some corporate systems.
3. All staff are equipped to work remotely from home using dedicated broadband internet links and laptops in case of a disaster at the company's office.