Basic checklist to check your backup and disaster recovery program:

• Are all critical data and systems backed up regularly and securely?
• Are the backups stored in a secure and offsite location?
• Are the backups tested periodically for data integrity and restoration capabilities?
• Does the disaster recovery plan include steps for restoring data and systems in a timely manner?

Basic checklist of questions to ask your vendors about third party risk:

• Do you have a documented security program and incident response plan?
• How do you identify and manage risks related to data privacy and security?
• Do you conduct regular security assessments and penetration testing?
• Are your employees trained on security awareness and incident response?

Basic checklist of questions to prepare for an ISO or SCO audit:

• Do you have a documented information security management system (ISMS)?
• Are all security policies and procedures documented and up-to-date?
• Have you conducted a risk assessment and developed a risk management plan?
• Do you have a process for continuous monitoring and improvement of security controls?

Basic check of questions to ask about your security posture:

• Do you have a security program in place, and is it documented and up-to-date?
• Have you conducted a vulnerability assessment and penetration testing?
• Are all security incidents logged, tracked, and resolved?
• Have you implemented multi-factor authentication, encryption, and other best practices to protect data and systems?