Supplier Assessment Framework

This section covers the Risk Ledger Supplier Assessment Framework (SAF) by domain.

Within each domain, any scoping questions are listed as the number 00.

A) Statutory Requirements
This domain covers any legal, statutory, or regulatory requirements your organisation has to comply with.

1 articles in section

B) Security Certifications
This domain covers how your organisation maintains compliance with key security certifications.

6 articles in section

C) PCI DSS
This domain covers compliance with the PCI DSS standard.

2 articles in section

D) GDPR
This domain covers compliance with the GDPR.

11 articles in section

E) Security Governance
This domain covers how your security governance is designed, implemented, and maintained.

24 articles in section

F) HR Security
This domain covers the security controls you have implemented to mitigate security risk from your employees.

5 articles in section

G) IT Operations
This domain covers the security controls you have implemented to maintain the health of your IT systems and processes.

35 articles in section

H) Application Security
This domain covers the security controls you have implemented during the development of your IT applications.

12 articles in section

I) Network and Cloud Security
This domain covers the security controls you have implemented to maintain the security and integrity of your corporate network and any cloud infrastructure.

31 articles in section

J) Physical Security
This domain covers the physical security controls you have implemented to protect your organisation's physical premises.

11 articles in section

K) Business Resilience
This domain covers the processes and plans you have in place to ensure a quick recovery if a failure occurs.

14 articles in section

L) Supply Chain Management
This domain covers the processes and controls you have in place to ensure the security risk from your supply chain is mitigated.

7 articles in section