Supplier Assessment Framework
Knowledge Base
The Risk Ledger platform is based on our standardised, security-led Supplier Assessment Framework (SAF). Find out what that means here.
Security Governance
This domain covers how your security governance is designed, implemented, and maintained.
Security Certifications
This domain covers how your organisation maintains compliance with key security certifications.
HR Security
This domain covers the security controls you have implemented to mitigate security risk from your employees.
IT Operations
This domain covers the security controls you have implemented to maintain the health of your IT systems and processes.
Software Development
This domain covers the security controls you have implemented during the development of your IT applications.
Network and Cloud Security
This domain covers the security controls you have implemented to maintain the security and integrity of your corporate network and any cloud infrastructure.
Physical Security
This domain covers the physical security controls you have implemented to protect your organisation's physical premises.
Business Resilience
This domain covers the processes and plans you have in place to ensure a quick recovery if a failure occurs.
Supply Chain Management
This domain covers the processes and controls you have in place to ensure the security risk from your supply chain is mitigated.
Data Protection
This domain covers compliance with data protection legislation.
Financial Risk
This domain covers the financial controls you have implemented to prevent, identify, and respond to evidence of financial risk.
Environmental, Social and Governance
This domain covers how your organisation manages and governs its environmental and social impact.