Ohio Cybersecurity Law Requirements Survey

1. Is your organization licensed, authorized to operate or registered with the Ohio Department of Insurance? (i.e., insurers, brokers and agencies)
   Yes
   No

2. Does your organization’s information technology network contain any nonpublic business and consumer information including, but not limited to, personal identifiers, Social Security numbers, financial account information, driver’s license numbers, biometric data or health information?
   Yes
   No

3. Does your organization have more than 20 employees; more than $5 million in gross annual revenue; more than $10 million in assets; or, can certify your compliance with HIPAA?
   Yes
   No

4. Does your organization have a formal policy for identifying and responding to cybersecurity breaches, ransomware attacks and other similar events?
   Yes
   No

5. Do you have an Information Security Management System (ISMS)?
   Yes
   No
   I'm not sure

6. If so, is it built upon an industry standard framework such as NIST Cybersecurity, 800-171, 800-53, ISO 27000, PCI-DSS, HIPAA-HITECH?
   Yes
   No
   I'm not sure

7. Has this framework and the systems you use undergone a third-party audit or assessment?
   Yes
   No
   I'm not sure

8. Does your organization have a dedicated Information Security department, shared responsibility team or individual, or no current Information Security function?
   Dedicated Information Security department
   Shared responsibility team
   Individual
   No current Information Security function

9. Do you need assistance with implementing an organization-wide security posture to show compliance with the Ohio Data Protection Act?
   Yes
   No