Question 1

What does the security risk self-assessment cover?

Accepted Answer

The self-assessment covers six critical domains of cybersecurity: network security, access controls, data protection, compliance readiness, incident response preparedness, and cloud security. Each domain includes a series of targeted questions designed to evaluate your current practices against industry best practices and regulatory requirements. The assessment is comprehensive enough to surface real vulnerabilities while remaining accessible to non-technical stakeholders.

Question 2

How long does the self-assessment take to complete?

Accepted Answer

Most organizations complete the self-assessment in approximately 30 to 45 minutes. The exact duration depends on the complexity of your environment and how many stakeholders you involve in the process. You can save your progress at any time and return to finish the assessment later. We recommend involving your IT administrator or managed service provider for the more technical questions, as their input will improve the accuracy of your results.

Question 3

What happens after I complete the self-assessment?

Accepted Answer

Immediately upon completion, you receive an instant risk score across all six security domains along with a preliminary report highlighting your most critical vulnerabilities. Within one business day, a PTG security analyst will reach out to schedule your complimentary follow-up consultation. During that session, we review your results in detail, validate findings, provide additional context, and deliver a prioritized remediation roadmap. You are under no obligation to engage PTG for any further services.

Question 4

Does the self-assessment cost anything?

Accepted Answer

No. The security risk self-assessment is completely free, including the follow-up consultation with a PTG security analyst. There are no hidden fees, no credit card required, and no obligation whatsoever. PTG offers this tool as a public service because we believe every business deserves to understand its cybersecurity risk profile. If you decide to pursue a deeper engagement such as a full security risk assessment or managed security services, those are separate paid engagements that we will discuss transparently.

Question 5

Who should take the self-assessment?

Accepted Answer

The self-assessment is designed for business owners, IT directors, office managers, compliance officers, and anyone responsible for the security and technology decisions within their organization. You do not need deep technical expertise to complete it — the questions are written in clear, accessible language with contextual explanations. That said, involving your IT team or managed service provider in the process will yield the most accurate results, especially for questions about network configurations and technical security controls.

Question 6

How should I prepare before starting the self-assessment?

Accepted Answer

While no special preparation is required, having a few key pieces of information available will help you complete the assessment more accurately. Consider gathering a general understanding of your network architecture, a list of the major software applications and cloud services your organization uses, your current security policies and procedures documentation, any previous audit reports or compliance certifications, and your disaster recovery or business continuity plans. If any of these items do not exist, that is itself a valuable finding that the assessment will capture.

Question 7

What is the difference between the self-assessment and a full security risk assessment?

Accepted Answer

The self-assessment is a guided questionnaire that relies on your knowledge of your own environment to produce a preliminary risk profile. A full security risk assessment is a hands-on technical engagement where PTG's certified analysts directly examine your infrastructure, scan for vulnerabilities, test configurations, review policies, and produce a comprehensive report with detailed technical findings. The self-assessment is an excellent starting point that helps you understand the general landscape. The full assessment provides the deep, verified analysis required for compliance audits, board reporting, and comprehensive remediation planning.

Question 8

Is my data secure during the assessment process?

Accepted Answer

Absolutely. PTG treats all assessment data with the same level of security we apply to our managed clients. Your responses are encrypted in transit and at rest, stored in SOC 2 compliant infrastructure, and accessible only to authorized PTG personnel assigned to your consultation. We do not share, sell, or repurpose your assessment data under any circumstances. Our privacy practices are governed by the same policies that have maintained our strong security track record for clients on our managed program for over 22 years. You can request deletion of your assessment data at any time.

Question 9

How often should I retake the self-assessment?

Accepted Answer

We recommend completing the self-assessment at least once per year, or whenever your organization undergoes a significant change such as migrating to a new cloud platform, expanding to a new office location, adopting a remote work policy, experiencing staff turnover in IT roles, or adding new regulatory requirements to your compliance obligations. Regular reassessment helps you track improvement over time and ensures that new risks introduced by organizational changes are identified promptly. Many of our clients in the Raleigh-Durham area retake the assessment quarterly as part of their ongoing security governance practices.

Question 10

Can the self-assessment help with compliance requirements?

Accepted Answer

Yes. The compliance gap analysis domain within the self-assessment is specifically designed to evaluate your readiness against common regulatory frameworks including HIPAA, PCI-DSS, CMMC, NIST 800-171, and SOC 2. While the self-assessment alone does not constitute a formal compliance audit, it provides a reliable preliminary view of where your gaps exist and what remediation steps are necessary. Many organizations use the self-assessment results as a starting point before engaging PTG for a formal IT security risk assessment that produces audit-ready documentation and evidence packages.

Security RiskSelf-Assessment

What to Evaluate

Access Controls

Endpoint Protection

Backup and Recovery

Email Security

Incident Response

Compliance Posture

From Self-Assessment to Expert Assessment

Security Risk Assessment

Network Security Audit

IT Security Risk Assessment

Security and Compliance

Free IT Consultation

Ready for a Professional Assessment?