NotInc, Inc. provides consulting services. Their specialty is widgets. They have a handful of Fortune 500 companies as clients, whom they coach from design through distribution of these widgets.
Kelly, COO for NotInc, recently received an email from their second-largest client. It read:
“Kelly – We are tightening up our security controls and our risk management team would like you to fill out the attached questionnaire. It’s all routine security stuff, I’m sure you’re already doing everything already. If you could fill this out and return it to me in the next week or so, that would be great. I’ll get this to the correct risk management team member internally here and they will upload your answers into our tracking system.”
Kelly wasn’t concerned yet, but then opened the attachment. Included in the Excel document were pages and pages of questions, guidelines, and multiple-choice answers. To make matters worse, each answer then had to be graded on a maturity level.