Napsauttamalla ”Hyväksy” hyväksyt evästeiden tallentamisen laitteellesi sivuston navigoinnin parantamiseksi, sivuston käytön analysoimiseksi ja markkinointitoimissamme auttamiseksi. Katso meidän Tietosuojakäytäntö lisätietoja varten.
KieltääHyväksy
Network Trace
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Domain
A
Security Governance
This domain covers how your security governance is designed, implemented, and maintained.
Security Risks
Domain
B
Security Certifications
This domain covers how your organisation maintains compliance with key security certifications.
Security Risks
Domain
C
HR Security
This domain covers the security controls you have implemented to mitigate security risk from your employees.
Security Risks
Domain
D
IT Operations
This domain covers the security controls you have implemented to maintain the health of your IT systems and processes.
Security Risks
Domain
E
Software Development
This domain covers the security controls you have implemented during the development of your IT applications.
Security Risks
Domain
F
Network and Cloud Security
This domain covers the security controls you have implemented to maintain the security and integrity of your corporate network and any cloud infrastructure.
Security Risks
Domain
G
Physical Security
This domain covers the physical security controls you have implemented to protect your organisation's physical premises.
Security Risks
Domain
H
Business Resilience
This domain covers the processes and plans you have in place to ensure a quick recovery if a failure occurs.
Security Risks
Domain
I
Supply Chain Management
This domain covers the processes and controls you have in place to ensure the security risk from your supply chain is mitigated.
Security Risks
Domain
J
Data Protection
This domain covers compliance with data protection legislation.
Security Risks
Domain
K
Artificial Intelligence
This domain covers use of Artificial Intelligence (AI) in your organisation and what you have done to prevent, identify, and respond to evidence of risk.
Security Risks
Domain
XA
Financial Risk
Financial Controls to prevent, identify, and respond to evidence of financial crime are also included in Risk Ledger's Supplier Assessment Framework. This includes checks for compliance with relevant Anti-Money Laundering (AML) regulations, applicable Anti-Bribery and Corruption (AB&C) legislation, fraud prevention and sanctions.
Financial Risk
Domain
XB
Environmental, Social and Governance
This add-on domain covers how your organisation manages and governs its environmental and social impact.
Environmental, Social and Governance
Domain
XC
UK Government Data and Personnel Security
This add-on domain is specific to suppliers working with the UK government. Please reach out to support@riskledger.com if you need help with this domain.
UK Government Data and Personnel Security
Domain A Question
20
20) Does your organisation have an internal audit function that ensures information security requirements are being met by the business?
Answer yes if you have an internal team who audit your security function against your policies to ensure compliance. Please comment on the frequency of the audits in the notes.
Domain B Question
5
05) Are you PCI DSS compliant?
Answer yes if your organisation is compliant with the PCI DSS security standard. If you have answered no, please state whether or not you process, store or transmit payment card data. If you have certified against the standard, please provide your certificate.
Domain B Question
7
7) Does your organisation have a defined process for managing and monitoring Third-Party Service Providers (TPSP) that provide services impacting your PCI DSS compliance?
Domain B Question
8
8) Does your organisation have any other certifications or audit reports that cover information security (such as a SOC 2 report)?
Domain C Question
1
01) Does your organisation perform background checks on staff and contractors?
Answer yes if background checks are conducted against staff before they join your organisation. In the notes section, please outline the types of checks (e.g. employer reference, criminal records, BPSS, CTC, SC, DV) conducted for which roles or provide a supporting document (as a PDF file) as evidence.
Domain C Question
4
04) Is there a formal disciplinary process for employees who have breached company policy (including any breaches of company security policy)?
Answer yes if your organisation has a formal disciplinary process that is followed if an employee is found to have intentionally breached company policy. Please provide a document outlining the process (as a PDF file) as evidence (this may be covered by your organisation's Disciplinary Policy).
Domain E Question
13
13) Is your organisation able to demonstrate the composition and provenance of software it develops (including third-party and open-source components)?
Domain E Question
14
14) Does your organisation continuously monitor all software components for vulnerabilities?
Domain F Question
33
33) Is your organisation currently registered with the UK National Cyber Security Centre’s (NCSC) Early Warning service?
Domain L Question
7
07) What are your scope 1 emissions (tonnes of CO2 equivalent per year)?
Please enter the most recent measurement for your scope 1 emissions in tonnes of CO2 equivalent. Please state when this was last measured and provide further information on the scope and method of measurement, if applicable, in the notes section. If you do not measure scope 1 emissions, please enter zero as your numerical answer and state this clearly in the notes section.
Domain L Question
8
08) What are your scope 2 emissions (tonnes of CO2 equivalent per year)?
Please enter the most recent measurement for your scope 2 emissions in tonnes of CO2 equivalent. Please state when this was last measured and provide further information on the scope and method of measurement, if applicable, in the notes section. If you do not measure scope 2 emissions, please enter zero as your numerical answer and state this clearly in the notes section.
Domain L Question
9
09) What are your scope 3 emissions (tonnes of CO2 equivalent per year)?
Please enter the most recent measurement for your scope 3 emissions in tonnes of CO2 equivalent. Please state when this was last measured and provide further information on the scope and method of measurement, if applicable, in the notes section. If you do not measure scope 3 emissions, please enter zero as your numerical answer and state this clearly in the notes section.
Framework Domains

7) Does your organisation have a defined process for managing and monitoring Third-Party Service Providers (TPSP) that provide services impacting your PCI DSS compliance?

Answer yes if you have a defined process for monitoring the PCI DSS compliance status of any relevant TPSPs. For applicable TPSPs, provide their AoC.

How to implement the control

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.

Pattern Trapezoid Mesh

Defend against supply chain attacks with Defend-As-One.

No organisation is an island.

Varaa aika esittelyyn
Support
Framework
Domains
B
7
© 2025 Risk Ledger Ltd
EvästeetTietosuojakäytäntöKäyttöehdotSuojausprofiiliVulnerability Disclosure Policy