|
Mandatory/optional
|
Scope (filter)
|
Variable
|
|
Mandatory variables
|
|
|
(1)
|
main economic activity of the enterprise, in the previous calendar year
|
|
(2)
|
average number of employees and self-employed persons, in the previous calendar year
|
|
(3)
|
total value of turnover (excluding VAT), in the previous calendar year
|
|
(4)
|
number of employees and self-employed persons or percentage of the total number of employees and self-employed persons who have access to the internet for business purposes
|
|
(5)
|
employment of ICT specialists
|
|
(6)
|
provision of any type of training to develop ICT-related skills for ICT specialists, in the previous calendar year
|
|
(7)
|
provision of any type of training to develop ICT-related skills for other persons employed, in the previous calendar year
|
|
(8)
|
recruitment of or the attempt to recruit ICT specialists in the previous calendar year
|
|
(9)
|
performance of ICT functions (such as maintenance of ICT infrastructure, support for office software, development or support of business management software/systems and/or web solutions, security and data protection) by own employees (including those employed in parent or affiliate enterprises), in the previous calendar year
|
|
(10)
|
performance of ICT functions (such as maintenance of ICT infrastructure, support for office software, development or support of business management software/systems and/or web solutions, security and data protection) by external suppliers, in the previous calendar year
|
|
(11)
|
Use of industrial robots
|
|
(12)
|
Use of service robots
|
|
(13)
|
application of measures to affect the following in the enterprise: Amount of paper used for printing and copying
|
|
(14)
|
application of measures to affect the following in the enterprise: Energy consumption of the ICT equipment
|
|
(15)
|
consideration by the enterprise of environmental impact of ICT services, or ICT equipment when selecting them (for example energy consumption)
|
|
(16)
|
disposal of ICT equipment (such as computers, monitors, mobile phones) in electronic waste collection/recycling (including leaving it to the retailer to dispose of) when it is no longer used
|
|
(17)
|
keeping of ICT equipment (such as computers, monitors, mobile phones) in the enterprise when it is no longer used (for example to be used as spare parts, fear of sensitive information being disclosed)
|
|
(18)
|
selling, returning to a leasing enterprise or donating ICT equipment (such as computers, monitors, mobile phones) when it is no longer used
|
|
|
(ii)
|
for enterprises with employees and self-employed persons who have access to the internet for business purposes:
|
|
|
(19)
|
internet connection: use of any type of fixed line connection
|
|
(20)
|
conduct of remote meetings
|
|
(21)
|
remote access (via computers or portable devices such as smartphones) of persons employed to email system of the enterprise
|
|
(22)
|
remote access (via computers or portable devices such as smartphones) of persons employed to documents of the enterprise (such as files, spreadsheets, presentations, charts, photos)
|
|
(23)
|
remote access (via computers or portable devices such as smartphones) of persons employed to business applications or software of the enterprise (such as access to accounting, sales, orders, CRM (excluding applications used for internal communication))
|
|
(24)
|
web sales of goods or services via the enterprise’s websites or apps (including extranets), in the previous calendar year
|
|
(25)
|
web sales of goods or services via e-commerce marketplace websites or apps used by several enterprises for trading goods or services, in the previous calendar year
|
|
(26)
|
EDI-type sales (receipt of orders placed via Electronic Data Interchange messages) of goods or services, in the previous calendar year
|
|
(27)
|
application of the ICT security measures on enterprise’s ICT systems: authentication via strong password (such as minimum length, use of numbers and special characters, changed periodically)
|
|
(28)
|
application of the ICT security measures on enterprise’s ICT systems: authentication via biometric methods used to access the enterprise’s ICT system (such as authentication based on fingerprints, voice, face)
|
|
(29)
|
application of the ICT security measures on enterprise’s ICT systems: authentication based on a combination of at least two authentication mechanisms (i.e. combination of for example user-defined password, one-time password (OTP), code generated via a security token or received via a smartphone, biometric method (such as based on fingerprints, voice, face));
|
|
(30)
|
application of the ICT security measures on enterprise’s ICT systems: encryption of data, documents or e-mails
|
|
(31)
|
application of the ICT security measures on enterprise’s ICT systems: data backup to a separate location (including backup to the cloud)
|
|
(32)
|
application of the ICT security measures on enterprise’s ICT systems: network access control (management of user rights in enterprise’s network)
|
|
(33)
|
application of the ICT security measures on enterprise’s ICT systems: VPN (Virtual Private Network, which extends the private network across a public network to enable secure exchange of data over public network);
|
|
(34)
|
application of the ICT security measures on enterprise’s ICT systems: ICT security monitoring system that allows to detect suspicious activity in the ICT systems and alerts the enterprise about it, other than standalone anti-virus software
|
|
(35)
|
application of the ICT security measures on enterprise’s ICT systems: maintaining log files that enable analysis after ICT security incidents
|
|
(36)
|
application of the ICT security measures on enterprise’s ICT systems: ICT risk assessment, i.e. periodical assessment of probability and consequences of ICT security incidents
|
|
(37)
|
application of the ICT security measures on enterprise’s ICT systems: ICT security tests (such as performing penetration tests, testing security alert system, reviewing security measures, testing of backup systems)
|
|
(38)
|
making persons employed aware of their obligations in ICT security related issues through voluntary training or internally available information (such as information on the intranet)
|
|
(39)
|
making persons employed aware of their obligations in ICT security related issues through compulsory training courses or viewing compulsory material
|
|
(40)
|
making persons employed aware of their obligations in ICT security related issues through a contract (such as a contract of employment)
|
|
(41)
|
availability of document(s) on measures, practices or procedures on ICT security, such as documents on ICT security and confidentiality of data covering employee training in ICT use, ICT security measures, the evaluation of ICT security measures, plans for updating ICT security documents
|
|
(42)
|
ICT related security incidents experienced in the previous calendar year leading to the following consequences: unavailability of ICT services due to hardware or software failures
|
|
(43)
|
ICT related security incidents experienced in the previous calendar year leading to the following consequences: unavailability of ICT services due to attack from outside, such as ransomware attacks, Denial of Service attacks
|
|
(44)
|
ICT related security incidents experienced in the previous calendar year leading to the following consequences: destruction or corruption of data due to hardware or software failures
|
|
(45)
|
ICT related security incidents experienced in the previous calendar year leading to the following consequences: destruction or corruption of data due to infection of malicious software or unauthorised intrusion
|
|
(46)
|
ICT related security incidents experienced in the previous calendar year leading to the following consequences: disclosure of confidential data due to intrusion, pharming, phishing attack, intentional actions by own employees
|
|
(47)
|
ICT related security incidents experienced in the previous calendar year leading to the following consequences: disclosure of confidential data due to unintentional actions by own employees
|
|
(48)
|
ICT security related activities such as security testing, ICT training on security, resolving ICT security incidents (excluding upgrades of pre-packaged software) carried out by enterprise’s own employees (including those employed in parent or affiliate enterprises)
|
|
(49)
|
ICT security related activities such as security testing, ICT training on security, resolving ICT security incidents (excluding upgrades of pre-packaged software) carried out by external suppliers
|
|
(50)
|
availability of an insurance against ICT security incidents
|
|
|
(iii)
|
for enterprises using any type of fixed line internet connection:
|
|
|
(51)
|
maximum contracted download speed of the fastest fixed line internet connection in the ranges: [0 Mbit/s, < 30 Mbit/s], [30 Mbit/s, < 100 Mbit/s], [100 Mbit/s, < 500 Mbit/s], [500 Mbit/s, < 1 Gbit/s], [≥ 1 Gbit/s]
|
|
|
(iv)
|
for enterprises conducting remote meetings
|
|
|
(52)
|
having any ICT security guidelines for conducting remote meetings via the internet such as password requirement, end-to-end encryption
|
|
(53)
|
availability of guidelines to favour remote meetings via internet instead of business travelling
|
|
|
(v)
|
for enterprises having employees or self-employed persons with remote access to the email system of the enterprise
|
|
|
(54)
|
number of employees and self-employed persons or percentage of the total number of employees and self-employed persons having remote access to the email system of the enterprise
|
|
|
(vi)
|
for enterprises having employees or self-employed persons with remote access to the documents or business applications or software of the enterprise
|
|
|
(55)
|
number of employees and self-employed persons or percentage of the total number of employees and self-employed persons having remote access to documents, business applications or software of the enterprise
|
|
|
(vii)
|
for enterprises having employees or self-employed persons with remote access to the email system of the enterprises or to documents of the enterprise or to business applications or software of the enterprise
|
|
|
(56)
|
having any ICT security guidelines for remote access such as requirement to conduct password-secured remote meetings, prohibition of using of public Wi-Fi for work, use of VPN, requirements concerning privacy of data
|
|
|
(viii)
|
for enterprises which had web sales, in the previous calendar year:
|
|
|
(57)
|
value of web sales of goods or services, or percentage of total turnover generated by web sales of goods and services, in the previous calendar year
|
|
(58)
|
percentage of value of web sales generated by web sales to private consumers (Business to Consumers: B2C), in the previous calendar year
|
|
(59)
|
percentage of value of web sales generated by web sales to other enterprises (Business to Business: B2B) and to public sector (Business to Government: B2G), in the previous calendar year
|
|
|
(ix)
|
for enterprises which had web sales of goods and services via the enterprise’s websites or apps and via e-commerce marketplace websites or apps used by several enterprises for trading goods or services, in the previous calendar year:
|
|
|
(60)
|
percentage of value of web sales of goods or services generated by sales via the enterprise’s websites or apps, in the previous calendar year
|
|
(61)
|
percentage of value of web sales of goods or services generated by sales via e-commerce marketplace websites or apps used by several enterprises for trading goods or services, in the previous calendar year
|
|
|
(x)
|
for enterprises which had EDI-type sales of goods and services, in the previous calendar year:
|
|
|
(62)
|
value of EDI-type sales of goods or services or percentage of the total turnover generated by EDI-type sales of goods or services, in the previous calendar year
|
|
|
(xi)
|
for enterprises which have recruited or tried to recruit ICT specialists in the previous calendar year
|
|
|
(63)
|
vacancies for ICT specialists that were difficult to fill
|
|
|
(xii)
|
for enterprises which have document(s) on measures, practices or procedures on ICT security
|
|
|
(64)
|
most recent definition or review of enterprise’s document(s) on measures, practices or procedures on ICT security: within the last 12 months, more than 12 months and up to twenty-four months ago, more than twenty-four months ago
|
|
|
(xiii)
|
for enterprises using industrial or services robots
|
|
|
(65)
|
reasons which influenced the decision to use robots in the enterprise: high cost of labour
|
|
(66)
|
reasons which influenced the decision to use robots in the enterprise: difficulties to recruit personnel
|
|
(67)
|
reasons which influenced the decision to use robots in the enterprise: to enhance safety at work
|
|
(68)
|
reasons which influenced the decision to use robots in the enterprise: to ensure high precision or standardized quality of processes and/or goods and services produced
|
|
(69)
|
reasons which influenced the decision to use robots in the enterprise: to expand the range of goods produced or services provided by the enterprise
|
|
(70)
|
reasons which influenced the decision to use robots in the enterprise: tax or other government incentives
|
|
|
Optional variables
|
|
(i)
|
for enterprises with employees and self-employed persons who have access to the internet for business purposes:
|
|
|
(1)
|
number of employees and self-employed persons, or percentage of the total number of employees and self-employed persons, using a portable device provided by the enterprise that allows connection to the internet via mobile telephone networks for business purposes
|
|
|
(ii)
|
for enterprises which had web sales, in the previous calendar year:
|
|
|
(2)
|
web sales to customers located in the enterprise’s own country, in the previous calendar year
|
|
(3)
|
web sales to customers located in other Member States, in the previous calendar year
|
|
(4)
|
web sales to customers located in the rest of the world, in the previous calendar year
|
|
|
(iii)
|
for enterprises which had web sales to customers located in at least two of the following geographic areas: own country, other Member States or rest of the world, in the previous calendar year:
|
|
|
(5)
|
percentage of value of web sales generated by web sales to customers located in enterprise’s own country, in the previous calendar year
|
|
(6)
|
percentage of value of web sales generated by web sales to customers located in other Member States, in the previous calendar year
|
|
(7)
|
percentage of value of web sales generated by web sales to customers located in the rest of the world, in the previous calendar year
|
|
|
(iv)
|
for enterprises which had web sales to customer located in other Member States, in the previous calendar year:
|
|
|
(8)
|
difficulties experienced when selling to other Member States: high costs of delivering or returning products, in the previous calendar year
|
|
(9)
|
difficulties experienced when selling to other Member States: difficulties related to resolving complaints or disputes, in the previous calendar year
|
|
(10)
|
difficulties experienced when selling to other Member States: adapting product labelling for sales to other Member States, in the previous calendar year
|
|
(11)
|
difficulties experienced when selling to other Member States: lack of knowledge of foreign languages for communicating with customers in other Member States, in the previous calendar year
|
|
(12)
|
difficulties experienced when selling to other Member States: restrictions from enterprise’s business partners to sell to certain Member States, in the previous calendar year
|
|
(13)
|
difficulties experienced when selling to other Member States: difficulties related to the VAT system in other Member States (such as uncertainty regarding VAT treatment in different countries), in the previous calendar year
|
|
|
(v)
|
for enterprises with vacancies for ICT specialists that were difficult to fill, when trying to recruit ICT specialists in the previous calendar year:
|
|
|
(14)
|
difficulties to recruit ICT specialists due to lack of applications, in the previous calendar year
|
|
(15)
|
difficulties to recruit ICT specialists due to applicants’ lack of relevant ICT related qualifications from education and/or training, in the previous calendar year
|
|
(16)
|
difficulties to recruit ICT specialists due to applicants’ lack of relevant work experience, in the previous calendar year
|
|
(17)
|
difficulties to recruit ICT specialists due to applicants’ too high salary expectations, in the previous calendar year
|
|
|
|
|
(vi)
|
for enterprises having industrial or service robots
|
|
|
(18)
|
number of industrial and service robots used by the enterprise
|
|
In force