Supplier Cyber Security Practices Survey Question Title * 1. Please provide your company name and supplier code. Company Name JAC Supplier Code Question Title * 2. Contact information for the person completing this survey. Name Email Address Phone Number Question Title * 3. Who is responsible for cybersecurity within the organization? Name Title Email Question Title * 4. What is your backup procedure? Question Title * 5. Does your organization have a documented information security management system (ISMS)? Yes No Question Title * 6. Is your organization certified to an information security strategy such as NIST, TISAX, ISO 27001, ... Yes No Comment / Clarification (If yes, please provide the standard.) Question Title * 7. Do you have a documented and enforced password policy for all user and administrative accounts that includes password length, password complexity, and frequency of change? Yes No Question Title * 8. Please indicate if your organization uses multi-factor authentication (MFA) for the following: Computer Login Email VPN / Remote Access Cloud Applications Other (please specify) None of the above Question Title * 9. Do you have automated tools that continuously monitor to ensure malicious software is not deployed? Yes No Question Title * 10. How often are cyber security training sessions conducted for employees? Quarterly or more frequently Bi-annually Annually Ad-hoc None of the above Question Title * 11. Do you have a disaster recovery plan? Describe it. Yes No If yes, please describe the plan. Question Title * 12. Does your organization have a continegency plan if you experience a disruption due to a cyber incident? Yes No Question Title * 13. Describe your process to communicate to JAC Products if a security incident occurs, affecting JAC Products' data. Question Title * 14. Has your organization experienced a cyber incident or computer related incident in the past 24 months that either affected your ability to meet customer requirements, resulted in the loss of confidential information, or required reporting to an external party? Yes No If yes, please provide additional information. Question Title * 15. Do you evaluate information and cyber security preparedness within your supply chain? Please provide a brief explanation. Yes No Brief Explanation Question Title * 16. Have you returned a signed copy of JAC's Supplier Declaration? If not, please review and return separately. Yes No Question Title * 17. Please provide any additional information that you believe is relevant. Done