Identity & Access Management
How well do you control who has access to your systems?
1. Is Multi-Factor Authentication (MFA) enforced for all users?
2. Are ex-employee accounts deactivated within 24 hours of departure?
3. Do you have a password policy requiring 12+ characters?
4. Are admin accounts separate from daily-use accounts?
5. Do you review user access permissions at least quarterly?
Device Management
How well are your devices secured and managed?
6. Are all company devices enrolled in an MDM solution (e.g., Intune)?
7. Is disk encryption (BitLocker/FileVault) enabled on all endpoints?
8. Are OS and application updates enforced automatically?
9. Can you remotely wipe a lost or stolen device?
10. Do you have a BYOD policy with security requirements?
Data Security
How protected is your organization's data?
11. Do you have automated cloud backups (e.g., Microsoft 365 backup)?
12. Is Data Loss Prevention (DLP) configured to block sensitive data sharing?
13. Are external file sharing links audited and auto-expired?
14. Is email encryption enabled for sensitive communications?
15. Do you have anti-phishing policies enabled (Safe Links, Safe Attachments)?
Compliance & Monitoring
Do you have visibility into what's happening in your environment?
16. Are audit logs enabled and retained for 90+ days?
17. Do you have security alerts configured for suspicious sign-ins?
18. Are you aligned with a compliance framework (CIS, NIST, SOC2)?
19. Do you have an incident response plan documented?
20. Do you conduct security awareness training for employees?
Get Your Personalized Report
Enter your details to unlock your full IT Health Report with actionable recommendations.
Your IT Health Report
Based on your responses, here's your organization's security posture.
Category Breakdown
● Critical Findings
Want the Full Picture?
This self-assessment covers the basics. A full StackFix audit connects to your APIs and scans for hundreds of additional misconfigurations.