This domain covers the processes and controls you have in place to ensure the security risk from your supply chain is mitigated.
Answer yes if your organisation shares any client data with any third parties, which may include sub-processors, or if your organisation relies on any third parties to deliver critical services.
Answer yes if your organisation ensures that all third parties with access to client data have a formal agreement in place that covers all of the relevant requirements of GDPR.
Answer yes if your organisation ensures that all third parties with access to client data have a formal agreement in place that mandates them to have implemented a defined level of information security controls.
Answer yes if your organisation assigns each supplier a criticality rating that is based on a corresponding business impact assessment.
Answer yes if your organisation has documented the baseline level of security controls that it expects its suppliers of different criticalities to adhere to. The Risk Ledger platform can be used for this - get in touch!
Answer yes if your organisation conducts relevant security due diligence against each supplier that it works with. The Risk Ledger platform can be used for this - get in touch!
Answer yes if your organisation conducts annual security assurance against its suppliers to make sure they are meeting their security requirements. The Risk Ledger platform can be used for this - get in touch!