
J. Supply Chain Management

This domain covers the processes and controls you have in place to ensure the security risk from your supply chain is mitigated.

00) Does your organisation share client data with any third parties, or rely on any third parties to deliver critical services?

Answer yes if your organisation shares any client data with any third parties, which may include sub-processors, or if your organisation relies on any third parties to deliver critical services.

Supply Chain Management
Scoping

01) Does your organisation have formal agreements in place to control third party use of data that include GDPR requirements?

Answer yes if your organisation ensures that all third parties with access to client data have a formal agreement in place that covers all of the relevant requirements of GDPR.

Supply Chain Management
Formal Contracts
GDPR

02) Does your organisation have formal agreements in place that mandate suppliers (and downstream suppliers) must have implemented a defined level of information security?

Answer yes if your organisation ensures that all third parties with access to client data have a formal agreement in place that mandates them to have implemented a defined level of information security controls.

Supply Chain Management
Trickle Down Security

03) Does your organisation conduct a business impact assessment for each supplier and give them a corresponding criticality rating?

Answer yes if your organisation assigns each supplier a criticality rating that is based on a corresponding business impact assessment.

Supply Chain Management
Criticality
Business Impact Assessment

04) Does your organisation have a supplier security policy that outlines the security requirements that your suppliers are expected to meet?

Answer yes if your organisation has documented the baseline level of security controls that it expects its suppliers of different criticalities to adhere to. The Risk Ledger platform can be used for this - get in touch!

Supply Chain Management
Supplier Security Policy

05) Does your organisation conduct security due diligence against suppliers before entering into a contract?

Answer yes if your organisation conducts relevant security due diligence against each supplier that it works with. The Risk Ledger platform can be used for this - get in touch!

Supply Chain Management
Security Due Diligence

06) Does your organisation conduct security due diligence against suppliers before entering into a contract?

Answer yes if your organisation conducts regular (e.g. quarterly, annually) security assurance against its suppliers to make sure they are meeting their security requirements. Please give details of your current process. The Risk Ledger platform can make this easier for you - get in touch!

Supply Chain Management
Security Assurance Programme