Supplier Assessment Framework: Framework Domains

A   Security Governance
B   Security Certifications
C   HR Security
D   IT Operations
E   Software Development
F   Network and Cloud Security
G   Physical Security
H   Business Resilience
I   Supply Chain Management
J   Data Protection
K   Artificial Intelligence
XA  Financial Risk
XB  Environmental, Social and Governance
Domain J: Data Protection

This domain covers compliance with data protection legislation.
05) Are you PCI DSS compliant?
Answer yes if your organisation is compliant with the PCI DSS security standard. If you have certified against the standard, please provide your certificate.
03) Do employees and contractors receive an information security and data protection training programme?
Answer yes if your organisation runs an information security and data protection training programme for all of your employees and third-party contractors. Please outline the nature and frequency of the training programme in the notes section, including any additional training provided to staff with greater responsibility, more privileged system access or access to confidential data.
29) Does your organisation encrypt client data on its IT systems using appropriate cryptographic standards?
Answer yes if your organisation encrypts client data on its IT systems. Please state the encryption algorithm used in the notes.
31) Does your organisation run any applications, operating systems or hardware that are no longer supported by the vendor and no longer receive security updates?
Answer yes if your organisation uses any IT systems that include applications, operating systems or hardware (including servers, network equipment or user devices) for which the vendors do not provide regular security updates. In the notes, please describe how you discover and manage these systems, including any compensatory controls you have in place to protect them and any plans for decommissioning or replacement.
34) Does your organisation encrypt the backups using appropriate cryptographic standards to prevent unauthorised access to the backup data?
Answer yes if your organisation encrypts the backups using appropriate cryptographic standards to prevent unauthorised access to the data. Please state the encryption algorithm used in the notes section.
03) Does your organisation develop applications and systems using security best practice (for example, by following the OWASP secure coding practices)?
Answer yes if your organisation's developers are instructed to build applications and systems using defined security best practice (for example, as defined by OWASP, The Open Web Application Security Project). Please state in the notes the best practice guidance followed and whether your developers receive any additional security training.
06) Do all of your organisation's applications and systems use industry best practice for authentication, including storing all user passwords as appropriate hashes?
Answer yes if your organisation ensures that all of its applications and systems (that are developed/built in-house) use industry best practice for authentication, and that all passwords are stored as salted hashes produced by a purpose-built password hashing function (for example, Argon2, scrypt, bcrypt or PBKDF2) rather than as plain text or as a fast, unsalted general-purpose hash. In the notes section, where relevant, please state the name of the authentication provider used.
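The following is an added example, not code from Risk Ledger or from the framework, showing what "stored as appropriate hashes" means in practice: a per-user random salt, a slow memory-hard key derivation function (scrypt from the Python standard library), a self-describing stored record, constant-time verification, and a check that flags records derived with weaker parameters than the current policy. The record format and the cost parameters are assumptions chosen for illustration. A deliberately weak unsalted SHA-256 function is included only to show why two users sharing a password become identifiable when a fast, unsalted hash is used.

```python
"""Salted, memory-hard password hashing with hashlib.scrypt (standard library only).

Added example; not Risk Ledger code. The '$scrypt$n$r$p$salt$hash' record
format and the cost parameters below are illustrative assumptions.
"""
import base64
import hashlib
import hmac
import os

# Assumed policy parameters. n must be a power of two; raise it as hardware
# allows. scrypt needs roughly 128 * n * r bytes, so maxmem is set above that.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
DKLEN = 32
MAXMEM = 64 * 1024 * 1024


def _b64encode(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii").rstrip("=")


def _b64decode(text: str) -> bytes:
    return base64.b64decode(text + "=" * (-len(text) % 4))


def hash_password(password: str, n: int = SCRYPT_N, r: int = SCRYPT_R,
                  p: int = SCRYPT_P) -> str:
    """Derive a record from a fresh random salt; the record carries its own parameters."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                            maxmem=MAXMEM, dklen=DKLEN)
    return f"$scrypt${n}${r}${p}${_b64encode(salt)}${_b64encode(digest)}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and parameters, then compare in constant time."""
    try:
        _, algo, n, r, p, salt_b64, digest_b64 = record.split("$")
        if algo != "scrypt":
            return False
        n, r, p = int(n), int(r), int(p)
        salt = _b64decode(salt_b64)
        expected = _b64decode(digest_b64)
    except (ValueError, TypeError):
        return False  # malformed record: never fall back to a weaker comparison
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                               maxmem=MAXMEM, dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str) -> bool:
    """True when a stored record predates the current policy (other algorithm or lower cost)."""
    parts = record.split("$")
    if len(parts) != 7 or parts[1] != "scrypt":
        return True
    n, r, p = (int(x) for x in parts[2:5])
    return n < SCRYPT_N or r < SCRYPT_R or p < SCRYPT_P


def weak_unsalted_hash(password: str) -> str:
    """What the question excludes: fast, unsalted, and identical for identical passwords."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print("verify ok:", verify_password("correct horse battery staple", rec))
    print("wrong pw :", verify_password("wrong", rec))
    print("same pw, same salt-less hash:",
          weak_unsalted_hash("hunter2") == weak_unsalted_hash("hunter2"))
    print("same pw, different scrypt records:",
          hash_password("hunter2") != hash_password("hunter2"))
```

On login, call verify_password and, when it succeeds and needs_rehash is true, re-hash the just-verified password under the current parameters so old records migrate without a forced reset. Whether the verification step is a good fit for you depends on your own threat model; the parameters here are a starting point, not a recommendation for production load.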
10) Does your organisation secure and encrypt remote connections to its network or environment using an appropriate control/protocol (for example, by using VPNs or SSH connections)?
Answer yes if your organisation forces all remote connections to its network infrastructure or cloud environment to be secured with a suitable solution such as a VPN or SSH connection. Please describe the nature of these controls in the notes section, both technical and procedural.
28) For how many months does your organisation store its user activity logs?
Answer by stating how many months the logs are kept for.
30) For how many months does your organisation store its root/super-user/administrator logs?
Please state how many months the logs are kept for.
07) Are all of your organisation's physical premises staffed 24/7 by a security team or reception team?
Answer yes if all of your organisation's physical premises are staffed 24/7 by an onsite security team, reception team, or both. If security is present for some hours (not 24/7), please answer no and state in the notes section the times during which the premises are manned.
06) Has your organisation conducted a regulatory compliance and security risk assessment of how your AI or AI-supported service processes and responds to client data and information?
Answer yes if your organisation has conducted and documented a regulatory compliance and security risk assessment for each AI or AI-supported service you provide. Examples of what should be considered in each risk assessment include: how the LLM service operates and is secured compared with the requirements of EU AI Act or the OWASP Top 10 for LLM, an evaluation of output accuracy or bias countermeasures, abuse prevention measures, and risk of Intellectual Property or Copyright infringement claims resulting from public use of AI-generated output. Please provide supporting document(s) (as a PDF file) evidencing the assessment(s), or describe the assessment(s) in the notes section.
07) Do your AI or AI-supported service(s) encourage service users to evaluate the AI model's responses before use?
Answer yes if you have ensured, as far as you are able, that the users of your service review and evaluate the AI model output before use. The measures you have put in place should help mitigate the risks arising from inaccuracies or 'hallucinations' (plausible but fabricated statements) within AI outputs which, if applied without human review, can impact integrity and mislead decision-making. Depending on the service, this could include tagging output as 'AI generated' or providing workflows that enable the review.
23) Does your organisation conduct regular assurance activities against its suppliers to ensure they are operating in line with your own environmental, social and governance policies, including checking that they are compliant with relevant laws and regulations?
Answer yes if your organisation conducts regular (e.g. quarterly, annually) supplier assurance to ensure your suppliers meet the same standards of environmental management, social responsibility, and governance that are expected of your organisation, and that they are compliant with all applicable laws and regulations. Describe the nature and frequency of the assurance activities in the notes. If you use a supplier management system to support this, please state which system you use.