What Not to Submit

BESTcyberIQ assessment fields are designed to capture your security practices and control maturity — not sensitive data itself. Please do not enter any of the following into assessment response fields, notes, or any other free-text areas of the platform:

• Passwords, PINs, or authentication credentials of any kind
• API keys, private keys, access tokens, or secrets
• Social Security Numbers or government-issued ID numbers
• Payment card numbers or banking credentials
• Personal health information (PHI) or HIPAA-regulated data
• Customer names, emails, or any customer personally identifiable information (PII)
• Detailed vulnerability exploit code or active threat intelligence
• Confidential contracts, legal documents, or trade secrets

Why this matters: Assessment responses are stored to power your score history and recommendations. They are not designed as a secure vault for sensitive data.

If you have questions about what is appropriate to include, email william@bestcyberiq.com.