Supplier Assessment Framework - Risk Ledger

Supplier Assessment Framework

This section covers the Risk Ledger Supplier Assessment Framework (SAF) by domain.

Within each domain, any scoping questions are listed as the number 00.

A) Statutory Requirements

This domain covers any legal, statutory, or regulatory requirements your organisation has to comply with.

1 articles in section

B) Security Certifications

This domain covers how your organisation maintains compliance with key security certifications.

6 articles in section

This domain covers compliance with the PCI DSS standard.

2 articles in section

This domain covers compliance with the GDPR.

11 articles in section

E) Security Governance

This domain covers how your security governance is designed, implemented, and maintained.

24 articles in section

This domain covers the security controls you have implemented to mitigate security risk from your employees.

5 articles in section

G) IT Operations

This domain covers the security controls you have implemented to maintain the health of your IT systems and processes.

35 articles in section

H) Application Security

This domain covers the security controls you have implemented during the development of your IT applications.

12 articles in section

I) Network and Cloud Security

This domain covers the security controls you have implemented to maintain the security and integrity of your corporate network and any cloud infrastructure.

31 articles in section

J) Physical Security

This domain covers the physical security controls you have implemented to protect your organisation's physical premises.

11 articles in section

K) Business Resilience

This domain covers the processes and plans you have in place to ensure a quick recovery if a failure occurs.

14 articles in section

L) Supply Chain Management

This domain covers the processes and controls you have in place to ensure the security risk from your supply chain is mitigated.

7 articles in section