Supplier Framework January Update
We regularly review and iterate on our Supplier Framework.
Reviews are completed every 6 months so that the framework stays relevant, useful and practical for all users of the platform.
Ensure vulnerabilities are managed appropriately
We have added a new control to the Network and Cloud Security domain to ensure that any identified vulnerabilities are triaged and remediated as appropriate.
Keeping it relevant for the remote world
Following user feedback, the Physical Security domain now has a scoping question asking whether suppliers rely on any physical premises to deliver their services or run their business. This could include, but is not limited to, office space, warehouses or data centres.
We have updated the wording of 15 controls to make them clearer and more meaningful, reducing ambiguity and ensuring suppliers can provide clear, accurate information to all their clients.