Framework Domains
Supplier Assessment Framework
A: Security Governance
B: Security Certifications
C: HR Security
D: IT Operations
E: Software Development
F: Network and Cloud Security
G: Physical Security
H: Business Resilience
I: Supply Chain Management
J: Data Protection
K: Artificial Intelligence
XA: Financial Risk
XB: Environmental, Social and Governance
Domain J: Data Protection
This domain covers compliance with data protection legislation.
05) Are you PCI DSS compliant?
Answer yes if your organisation is compliant with the PCI DSS security standard. If you have certified against the standard, please provide your certificate.
03) Do employees and contractors receive an information security and data protection training programme?
Answer yes if your organisation runs an information security and data protection training programme for all of your employees and third-party contractors. Please outline the nature and frequency of the training programme in the notes section, including any additional training provided to staff with greater responsibility, more privileged system access or access to confidential data.
29) Does your organisation encrypt client data on its IT systems using appropriate cryptographic standards?
Answer yes if your organisation encrypts client data on its IT systems. Please state the encryption algorithm used in the notes.
31) Does your organisation run any applications, operating systems or hardware that are no longer supported by the vendor and no longer receive security updates?
Answer yes if your organisation uses any IT systems that include applications, operating systems or hardware (including servers, network equipment or user devices) for which the vendors do not provide regular security updates. In the notes, please describe how you discover and manage these systems, including any compensatory controls you have in place to protect them and any plans for decommissioning or replacement.
34) Does your organisation encrypt the backups using appropriate cryptographic standards to prevent unauthorised access to the backup data?
Answer yes if your organisation encrypts the backups using appropriate cryptographic standards to prevent unauthorised access to the data. Please state the encryption algorithm used in the notes section.
03) Does your organisation develop applications and systems using security best practice (for example, by following the OWASP secure coding practices)?
Answer yes if your organisation's developers are instructed to build applications and systems using defined security best practice (for example, as defined by OWASP, The Open Web Application Security Project). Please state in the notes the best practice guidance followed and whether your developers receive any additional security training.
06) Do all of your organisation's applications and systems use industry best practice for authentication, including storing all user passwords as appropriate hashes?
Answer yes if your organisation ensures that all of its applications and systems (that are developed/built in-house) use industry best practice for authentication, and that all passwords are stored as hashes using secure hashing algorithms rather than as plain text. In the notes section, where relevant, please state the name of the authentication provider used.
10) Does your organisation secure and encrypt remote connections to its network or environment using an appropriate control/protocol (for example, by using VPNs or SSH connections)?
Answer yes if your organisation forces all remote connections to its network infrastructure or cloud environment to be secured with a suitable solution such as a VPN or SSH connection. Please describe the nature of these controls in the notes section, both technical and procedural.
28) For how many months does your organisation store its user activity logs?
Answer by stating how many months the logs are kept for.
30) For how many months does your organisation store its root/super-user/administrator logs?
Please state how many months the logs are kept for.
07) Are all of your organisation's physical premises staffed 24/7 by a security team or reception team?
Answer yes if all of your organisation's physical premises are staffed 24/7 by an onsite security team, reception team, or both. If security is present for some hours (not 24/7), please answer no and state in the notes section the times during which the premises are manned.
06) Has your organisation conducted a regulatory compliance and security risk assessment of how your AI or AI-supported service processes and responds to client data and information?
Answer yes if your organisation has conducted and documented a regulatory compliance and security risk assessment for each AI or AI-supported service you provide. Examples of what should be considered in each risk assessment include: how the LLM service operates and is secured compared with the requirements of the EU AI Act or the OWASP Top 10 for LLM Applications, an evaluation of output accuracy or bias countermeasures, abuse prevention measures, and the risk of intellectual property or copyright infringement claims resulting from public use of AI-generated output. Please provide supporting document(s) (as a PDF file) evidencing the assessment(s), or describe the assessment(s) in the notes section.
07) Do your AI or AI-supported service(s) encourage service users to evaluate the AI model’s responses before use?
Answer yes if you have ensured, as far as you are able, that the users of your service review and evaluate the AI model's output before use. The measures you have put in place should help mitigate the risks arising from inaccuracies or 'hallucinations' (plausible but fabricated statements) within AI outputs which, if applied without human review, can compromise integrity and mislead decision-making. Depending on the service, this could include tagging output as 'AI generated' or providing workflows that enable the review.
23) Does your organisation conduct regular assurance activities against its suppliers to ensure they are operating in line with your own environmental, social and governance policies, including checking that they are compliant with relevant laws and regulations?
Answer yes if your organisation conducts regular (e.g. quarterly, annually) supplier assurance to ensure your suppliers meet the same standards of environmental management, social responsibility, and governance that are expected of your organisation, and that they are compliant with all applicable laws and regulations. Describe the nature and frequency of the assurance activities in the notes. If you use a supplier management system to support this, please state which system you use.