Security Assessments These questions are designed to ensure that your organization identi昀椀es and hardens attack surfaces. 1. When was your last risk assessment performed and who completed this task? a. Were there critical 昀椀ndings? b. If yes: i. Were those 昀椀ndings remediated? ii. Were those remediations validated? 2. Do you regularly conduct internal and external penetration test? If yes: a. How often? b. What kind? c. When was the last test? d. Were all adverse 昀椀ndings remediated? e. Who conducts your internal and external vulnerability testing? 3. Is the penetration tester independent of your current IT team? Questions To Ask Your MSP | 16