Strategy and Metrics

 Do you understand the enterprise-wide risk appetite for your applications?
You capture the risk appetite of your organization's executive leadership
 Do you have a strategic plan for application security and use it to make decisions?
The plan reflects the organization's business priorities and risk appetite
 Do you regularly review and update the Strategic Plan for Application Security?
You review and update the plan in response to significant changes in the business environment, the organization, or its risk appetite
 Do you use a set of metrics to measure the effectiveness and efficiency of the application security program across applications?
You document each metric, including a description of the sources, measurement coverage, and guidance on how to use it to explain application security trends
 Did you define Key Performance Indicators (KPIs) from available application security metrics?
You defined KPIs after gathering enough information to establish realistic objectives
 Do you update the Application Security strategy and roadmap based on application security metrics and KPIs?
You review KPIs at least yearly for their efficiency and effectiveness

Policy and Compliance

Education and Guidance