TAG Cybersecurity Pre-Event Questionnaire Survey

The Technology Association of Grantmakers (TAG) is excited to launch this brief pre-event assessment to better understand your organization’s current cybersecurity practices and preparedness.

TAG, along with members Junell Felsburg (The Columbus Foundation) and Steve Sharer (RipRap Security), will be hosting a session on April 29, 2026, about foundational cybersecurity best practices. Through this questionnaire, we hope to:

Develop specific and actionable recommendations
Ensure the session series is highly relevant to the TAG community
Share anonymized, aggregate survey results to help you benchmark against peer organizations

Instructions: For each question, select the response that best reflects your understanding of your organization. The survey contains 16 multiple-choice questions and should take approximately 3-4 minutes to complete.

Demographics
These questions help us understand the size and structure of participating organizations.

2.What workplace model do you use?(Required.)

Fully remote

Hybrid

In-person

3.Who is responsible for IT and Security at your organization?(Required.)

Staff member who wears hats in addition to IT and security hats

External IT managed service provider

Full-time, dedicated IT and/or security personnel

No one is formally responsible

4.Do you issue laptops to staff?(Required.)

All staff

Some staff

Security
These questions assess foundational cyber security practices at your organization. If you're unsure about any answer, select "Unsure"—that's useful information too.

5.Do you maintain an inventory of hardware and software used at your organization?(Required.)

6.Do you have device management in place for organizationally issued computers?(Required.)

Yes

Unsure

7.Does your organization require multi-factor authentication (MFA) for your productivity suite (Google Workspace, Microsoft 365, etc.)(Required.)

Yes

Unsure

Other (please specify)

8.Do you provide a password manager for staff?(Required.)

Yes

Unsure

9.Do you provide at least quarterly cyber security training for staff?(Required.)

Yes

Unsure

10.Do you have any tools installed on computers to detect malicious activity (anti-virus, endpoint detection & response tools, etc)?(Required.)

Yes, built-in tools that come with the computer’s operating system

Yes, centrally-managed tools (SentinelOne, Crowdstrike, Huntress, etc)

Unsure

11.Do you have an incident response plan?(Required.)

Yes

Unsure

12.Do you have cyber insurance?(Required.)

Yes

Unsure

13.Do you vet potential vendors on their security procedures and policies? (Required.)

Yes

Unsure

14.Do you have a data governance policy?(Required.)

Yes

Unsure

15.Do you back up data in your productivity suite to an external, third-party service?(Required.)

Yes

Unsure