PEAK INTELLIGENCE AI Assessment -

Are you interested in working with one of the most established Managed Service Providers in New Jersey?

I.T. Infrastructure Questionnaire

Please provide your answers for each question. Include all relevant information and add any notes you believe would be helpful. You may also attach supporting files at the bottom of the form.

Please provide your answers to each question. Include all relevant information and any helpful notes. Supporting documents can be attached where indicated.

Fields marked with an asterisk (*) are required.

General Information — Critical

This section covers the most important aspects of your I.T. infrastructure.

Who manages the maintenance and security of the I.T. infrastructure?

Do you outsource any I.T. support, configuration, maintenance, or other I.T. professional services?

If yes — list outsourced provider names, contact information, and services performed

Do you have a documented process for assessing outsourced providers' security posture?

Attach copies of any vendor agreements currently in place

Click or drag files to this area to upload. You can upload up to 5 files.

Which domain names do you own? Who manages the registrations and DNS records?

Who is your email provider?

Microsoft 365
Google G-Suite / Workspace
Other

If Microsoft 365 or Google — is email backed up to a third party (per Microsoft recommendations)?

If other email provider — how is it backed up?

Do you maintain a detailed asset inventory list for hardware and software?

Attach a copy of your asset inventory

Click or drag files to this area to upload. You can upload up to 5 files.

Who maintains the asset inventory? Is it automated?

What is your backup / disaster recovery / business continuity solution?

Does the backup solution include desktops and laptops?

Who monitors the backups?

Which devices are backed up?

How often are backups performed?

Are backups logically or physically separated from the production network using separate administrative credentials?

Are backups encrypted in transit and at rest?

How often are restores tested?

Attach documentation showing successful backups and/or test restores

Click or drag files to this area to upload. You can upload up to 5 files.

Primary internet provider name

Download speed

Upload speed

Do you have an internet failover solution?

If yes — what is the failover solution?

Telecom provider

Telecom system type and manufacturer

General Information — Non-Critical

Is the company under any compliance regulations?

Yes
No
Unsure

If yes — which regulations?

Has the company undergone any third-party audits?

If yes — which audits and when?

Attach the most recent audit report(s)

Click or drag files to this area to upload. You can upload up to 5 files.

Who develops and maintains your web presence? Who is your hosting provider?

Are all websites secured with SSL certificates (HTTPS)?

Yes
No
Some

Are all workstations, servers, and networking components monitored 24/7/365 with anomaly alerting?

If yes — which monitoring platform is deployed and who receives alerts?

Are alerts generated when Administrator accounts are created or deleted?

Do you have an access control system in place?

If yes — which access control system?

Do you have a video surveillance system?

If yes — where are cameras located? Is there a DVR component?

Which of the following documented policies do you have in place?

Technology Usage Policy
Information Security Policy
Data Breach Response Policy

Attach copies of any policies (including others not listed above)

Click or drag files to this area to upload. You can upload up to 5 files.

Do you perform Tabletop Exercises with playbooks to practice responses to breaches?

Do you have a secure documentation platform for all mission-critical systems and processes?

If yes — which platform?

Do you perform in-depth background checks on all employees prior to hiring?

Software — Critical

What is your line of business (LOB) application? Who supports it?

What other applications are in use for ERP, production, accounting, HR, etc.?

Do you have a patch management policy and process for servers and workstations?

Schedule for applying critical patches:

Are all software versions current and supported?

Yes
No
Mostly

If not all current — please describe exceptions:

Software — Non-Critical

Is there an Automated Software Deployment solution in place?

If yes — which solution?

How often do you review installed software for approved-applications compliance?

Software/web development — which apply to your company?

Develop software for internal use
Develop software as work-for-hire (client owns code)
Develop software licensed to others

Do you outsource or use subcontractors for development work?

If yes — subcontractor names and companies:

Do you have policies/controls in place to prevent copyright or patent infringement in your software?

Attach copies of software IP policies/controls

Click or drag files to this area to upload. You can upload up to 5 files.

Network & Hardware — Critical

Are all computers, servers, and users secured in a Microsoft Active Directory Domain?

Yes
No
Partial

Do all workstations, servers, and hypervisors have currently supported operating systems?

If no — which devices have unsupported operating systems?

Are any devices (servers, computers, etc.) older than 5 years?

If yes — how many and which ones?

Is all ethernet cabling at minimum Category 5E?

Yes
No
Unknown

Do you have wireless access points?

Number of access points:

Wireless AP make and model:

Do wireless APs have a current support subscription?

Wireless encryption in use:

Is there a guest wireless network?

Yes — segmented from production
Yes — not segmented
No

Do you have a detailed network map?

Attach your network map (PDF, image, or Visio file)

Click or drag files to this area to upload. You can upload up to 5 files.

Which Endpoint Protection solution is deployed? Does it qualify as EDR (Endpoint Detection and Response)?

What firewalls do you have in place? Include makes, models, support subscriptions, and firmware status.

Are the MDF(s) and IDF(s) physically secured? How? Climate controlled? Temperature/humidity/water sensors?

Is there a fire detection/suppression solution in place?

If yes — which fire detection/suppression solution?

Network & Hardware — Non-Critical

Are all mission-critical components protected by UPS (Uninterruptible Power Supply)?

Yes
No
Partial

Are all mission-critical components (servers, switches, etc.) under warranty?

Yes
No
Partial

Is there a physical video conferencing solution in place?

If yes — which video conferencing solution?

Is there a documented process for configuring and hardening all devices before connecting them to the network?

Attach copy of device hardening process documentation

Click or drag files to this area to upload. You can upload up to 5 files.

When devices are retired, how are they securely disposed of?

Cyber Security — Critical

Do you utilize any third parties for SaaS, IaaS, Co-Location, Hosting, Offsite Backup/DR, or other Cloud Services?

If yes — list providers, services, and datacenter locations:

Who has administrative privileges in Active Directory and for other I.T. assets?

Do you require employees to use Multi-Factor Authentication (MFA)?

Yes
No
Partial

If yes — which MFA solution?

Which systems are protected by MFA?

Do employees perform work (including email) on personal devices?

If yes — what work is performed on personal devices?

Is there a BYOD (Bring Your Own Device) policy in place?

Attach BYOD policy

Click or drag files to this area to upload. You can upload up to 5 files.

Password Policies

Please fill in each password policy setting below.

Minimum password length

Password complexity requirements

Password aging / expiration

Password re-use restriction

Account lockout policy

Is the username hidden from the login screen?

Auto-lock workstation after inactivity

Are login times restricted?

Which additional Cyber Security solutions are in place? (Select all that apply)

For each solution selected above, provide the service provider and description:

Do you have an ongoing Security Awareness Training program for all employees?

If yes — which solution and how often is it required?

Do you have a Mobile Device Management (MDM) solution in place?

If yes — which MDM platform?

Do you offer or require an Enterprise Password Manager for employees?

Yes — required
Yes — optional
No

If yes — which password manager?

Do you have a Single Sign-On (SSO) solution in place?

If yes — which SSO solution?

Which Email Security Policies are in place? (Select all that apply)

OWA Disabled
SMTP Authentication Disabled
Auto-forward to external addresses disallowed
Warning banner on all external emails
SPF, DKIM, and DMARC configured
Abuse@ and Security@ email addresses in place

Cyber Security — Non-Critical

Do you utilize a compliance archive for email?

If yes — email archive provider:

Do you also archive other required platforms (chat, social media, etc.)?

If yes — other archive provider:

Is there a change management and approval process documenting all infrastructure changes?

If yes — please describe the process:

Is there a Data Loss Prevention (DLP) solution in place?

If yes — which DLP solution?

Are all legacy protocols disabled?

Yes
No
Partially

Legacy protocols include: Telnet, TFTP, IMAP, POP3, PPTP

Is RDP (Remote Desktop Protocol) exposed to the public internet?

Are laptops and desktops containing protected information (PII, PHI) encrypted?

Yes
No
Partial

Do you perform vulnerability tests?

If yes — how often and who performs them?

Attach most recent vulnerability test results

Click or drag files to this area to upload. You can upload up to 5 files.

Do you perform penetration testing?

If yes — how often and who performs them?

Attach most recent penetration test results

Click or drag files to this area to upload. You can upload up to 5 files.

Is there a SIEM (Security Information and Event Management) solution in place?

If yes — which SIEM, and does it include a 24/7/365 SOC?

Are users allowed administrator access on their local computers?

Yes
No
Some users

Are there any login credentials shared among employees or vendors?

If yes — please describe which credentials are shared and with whom:

Microsoft 365: Do you quarantine ActiveSync devices until whitelisted?

Yes
No
Not Applicable

Remote Access — Critical

What is your remote access strategy? How do employees work when out of the office?

Are all remote access solutions encrypted and protected by MFA?

Yes
No
Partial

If not fully encrypted/MFA — please explain exceptions:

Do vendors or anyone other than employees have access to your network and data?

If yes — who are they, and how is access monitored and controlled?

Data — Non-Critical

Do you classify your datasets to ensure only authorized personnel have access?

If yes — describe your classification scheme:

Do you utilize cloud repositories to securely store and share data?

If yes — which cloud repositories?

Is Personally Identifiable Information (PII) stored anywhere?

If yes — how and where is PII stored? Is it encrypted?

How do you transmit or share protected information (PII, PHI, confidential data)? Is it encrypted in transit and at rest?

Are you subject to PCI (credit card) compliance?

Yes — subject and store card data
Yes — subject but do not store card data
No — not subject to PCI

If PCI data is stored — is it encrypted?

Are MFPs (copiers, scanners) configured to wipe internal hard disks regularly?

Yes
No
No MFPs on premises

If yes — how often are MFP disks wiped?

Additional Notes & File Attachments

Additional notes or information you'd like to share:

Additional file attachments (any supporting documents, diagrams, reports)

Click or drag files to this area to upload. You can upload up to 5 files.

Your Contact Information

Your Name *

Email Address *

Company Name *

Title / Role

Phone Number

Date Completed

908-707-9696

1661 Rt. 22 W. Bound Brook NJ

solutions@alpinebiz.com

Remote Support

Client Login

Please provide your answers for each question. Include all relevant information and add any notes you believe would be helpful. You may also attach supporting files at the bottom of the form.

General Information — Critical

General Information — Non-Critical

Software — Critical

Software — Non-Critical

Network & Hardware — Critical

Network & Hardware — Non-Critical

Cyber Security — Critical

Password Policies

Cyber Security — Non-Critical

Remote Access — Critical

Data — Non-Critical

Additional Notes & File Attachments

Your Contact Information

Social

Tech Articles

AI Is Not the Internet. It’s Electricity

Digital Defense: Essential Security Practices for Remote Workers

Resources

Support Links

Contact Info

Address:

Email:

Phone:

Fax: