You can download the EDRM Security Questionnaire on this site, http://www.edrm.net/resources/security-audit-questionnaire/ . The questionnaire is an Excel spreadsheet which breaks down questions on key areas of data security on seven different worksheets:

A. General B. Security & Risk Management C. Asset Security D. Communications & Network Security E. Identity & Access Management F. Security Operations G. Software Development Security

The questionnaire grades a security program based on its ISO 27001 and other certifications, whether it has information security policies, the existence of remediation plans, whether or not employees can anonymously report breaches, the management of environment controls, the use of data centers, the regular use of log networking, the use Unified Threat Management for a firewalls, the use of TLS for email encryption, the use of two factor authentication, Active Directory / LDAP integrations, network penetration testing, and many other factors - 74 in all.

The self grader gives a value for his or her organization's level of compliance with different practices suggested by the EDRM on a scale of 10 to 1 - 10 being unacceptable, and 4 being reasonable. The individual grades are aggregated in a total score