SAF Search

This domain covers how your security governance is designed, implemented, and maintained.

This domain covers how your organisation maintains compliance with key security certifications.

This domain covers the security controls you have implemented to mitigate security risk from your employees.

This domain covers the security controls you have implemented to maintain the health of your IT systems and processes.

This domain covers the security controls you have implemented during the development of your IT applications.

This domain covers the security controls you have implemented to maintain the security and integrity of your corporate network and any cloud infrastructure.

This domain covers the physical security controls you have implemented to protect your organisation's physical premises.

This domain covers the processes and plans you have in place to ensure a quick recovery if a failure occurs.

This domain covers the processes and controls you have in place to ensure the security risk from your supply chain is mitigated.

This domain covers compliance with data protection legislation.

This domain covers use of Artificial Intelligence (AI) in your organisation and what you have done to prevent, identify, and respond to evidence of risk.

This domain covers financial risk in your organisation and what you have done to prevent, identify, and respond to evidence of financial risk.

This domain covers how your organisation manages and governs its environmental and social impact.

Answer yes if you have an internal team who audit your security function against your policies to ensure compliance. Please comment on the frequency of the audits in the notes.

Answer yes if your organisation is compliant with the PCI DSS security standard. If you have answered no, please state whether or not you process, store or transmit payment card data. If you have certified against the standard, please provide your certificate.

Answer yes if background checks are conducted against staff before they join your organisation. In the notes section, please outline the types of checks (e.g. employer reference, criminal records, BPSS, CTC, SC, DV) conducted for which roles or provide a supporting document (as a PDF file) as evidence.

Answer yes if your organisation has a formal disciplinary process that is followed if an employee is found to have intentionally breached company policy. Please provide a document outlining the process (as a PDF file) as evidence (this may be covered by your organisation's Disciplinary Policy).

Please enter the most recent measurement for your scope 1 emissions in tonnes of CO2 equivalent. Please state when this was last measured and provide further information on the scope and method of measurement, if applicable, in the notes section. If you do not measure scope 1 emissions, please enter zero as your numerical answer and state this clearly in the notes section.

Please enter the most recent measurement for your scope 2 emissions in tonnes of CO2 equivalent. Please state when this was last measured and provide further information on the scope and method of measurement, if applicable, in the notes section. If you do not measure scope 2 emissions, please enter zero as your numerical answer and state this clearly in the notes section.

Please enter the most recent measurement for your scope 3 emissions in tonnes of CO2 equivalent. Please state when this was last measured and provide further information on the scope and method of measurement, if applicable, in the notes section. If you do not measure scope 3 emissions, please enter zero as your numerical answer and state this clearly in the notes section.