Cyber Resilience Act Compliance Checklist

1. Is there a designated officer responsible for cyber resilience compliance?

2. Has a risk assessment been conducted for all critical systems?

3. Are there documented policies for incident response?

4. Is there a training program for staff on cyber resilience?

5. Are third-party vendors assessed for cyber risks?

6. Is there a process for reporting cyber incidents?

7. Are cyber resilience policies reviewed annually?

8. Is there a budget allocated for cyber resilience initiatives?

9. Are roles and responsibilities for cyber resilience clearly defined?

10. Is there a communication plan for cyber incidents?

1. Are firewalls implemented on all critical systems?

2. Is antivirus software installed and regularly updated?

3. Are access controls in place for sensitive data?

4. Is multi-factor authentication used for critical systems?

5. Are regular backups performed for critical data?

6. Is there a monitoring system for detecting cyber threats?

7. Are software updates and patches applied promptly?

8. Is encryption used for sensitive data at rest and in transit?

9. Are intrusion detection systems in place?

10. Is there a policy for secure disposal of data and hardware?

1. Is there a formal process for evaluating the effectiveness of cyber resilience measures?

2. Are employees required to report suspicious activities related to cyber security?

3. Is there a plan for regular penetration testing of critical systems?

4. Are there documented procedures for responding to data breaches?

5. Is there a designated team for managing cyber resilience initiatives?