SEC examination readiness self-assessment
1. Do you maintain documented compliance policies aligned with the Advisers Act?
A. Yes, reviewed regularly
B. Yes, but not updated recently
C. Partially documented
D. Not sure
2. Does your firm require multi-factor authentication for email and critical systems?
A. Yes, documented and tested
B. Documented but rarely reviewed
C. Basic security tools only
D. Not formally defined
3. If a cybersecurity incident occurred today, does your firm have a documented incident response plan?
A. Yes, documented and tested
B. Documented but never tested
C. Informal process
D. No defined process
4. Which best describes your firm's protection against phishing attacks?
A. Advanced filtering and employee training
B. Basic filtering only
C. Minimal controls
D. Not sure
5. Do you evaluate third-party technology providers for security and compliance risk?
A. Yes, formal vendor security reviews
B. Occasional reviews
C. Informal trust-based relationships
D. No formal process