Use this worksheet to prepare credible answers about cybersecurity controls, data protection, access, backups, and incident readiness before a grant report, board review, or funder conversation.
Use this as a working document. For each funder, board, customer, or insurer question, write the plain-English answer first, then list what evidence supports it and what still needs to be fixed.
| Question from stakeholder | What they are really asking | Current answer | Evidence we have | Evidence missing | Owner / due date |
|---|---|---|---|---|---|
| Where is sensitive data stored? | Do you know the systems, vendors, data locations, and administrators? | Write current answer... | Link policy, inventory, vendor notes... | Data map, access list, retention notes... | Name / date... |
| How is access controlled? | Can you prove MFA, admin boundaries, onboarding, offboarding, and review cadence? | Write current answer... | Access review, screenshots, policy... | Review records, admin cleanup... | Name / date... |
| What would you do during a breach? | Is there a response owner, escalation path, containment plan, and communication process? | Write current answer... | IR plan, call list, tabletop notes... | Templates, legal contacts, exercise... | Name / date... |
| How do you recover critical data? | Are backups configured, protected, monitored, and tested? | Write current answer... | Backup logs, restore test, retention... | Restore evidence, coverage gaps... | Name / date... |
Send a short note if you want help turning funder questions into a practical evidence plan, security assessment, or remediation roadmap.