K. Procurement Risk
This domain covers the governance and controls you have implemented within your organisation to protect your organisation from risks not linked to technology or financial crime.
01) Is your organisation a legally registered entity?
Answer yes if your organisation is a legally registered entity and upload proof of registration (as a PDF file, this is typically a certificate of incorporation) as evidence. Please note the country or jurisdiction in which your company is registered in the notes.
02) Does your organisation have enough working capital to remain viable for the next 12 months?
Answer yes if your organisation has enough working capital to remain for the next 12 months.
03) Does your organisation have 3 years (or more) of published annual accounts?
Answer yes if your organisation has 3 years (or more) worth of published annual accounts. Please upload the last 3 years of accounts as evidence. If your organisation has less than 3 years, please upload any accounts that have been published (as PDF files).
04) Does your organisation have a documented Health & Safety Policy?
Answer yes if your organisation has a documented Health & Safety policy. Please upload the policy (as a PDF file) as evidence.
05) Does your organisation you have a senior manager or board member who is responsible for your Health & Safety Programme?
Answer yes if your organisation has an appointed resource that is responsible for the design and delivery of your company's health and safety programme. This is typically a health and safety officer. In the notes please outline the job role and whether or not this is a dedicated full time position.
06) Does your organisation have an established and consistent framework for Health and Safety which includes provisions to ensure a safe and hygienic working environment for all of your personnel, in accordance with local health and safety laws and industry best practices?
Answer yes if your organisation has implemented a framework for managing health and safety compliance across your company. The framework must include health and safety awareness initiatives (such as posters), a risk assessment programme, a defined and auditable reporting process, and relevant and valid insurance policies (in the UK this is covered by your employers liability insurance).
07) Does your organisation have a documented environmental management policy?
Answer yes if your organisation has a documented environmental management policy that looks to minimise your organisation's impact on the environment. Please upload the policy (as a PDF file) as evidence.
08) Does your organisation ensure compliance with all applicable human rights laws and regulations?
Answer yes if your organisation is fully compliant with all applicable human rights laws and regulations. This may include, but is not limited to, the International Bill of Human Rights, the UK Modern Slavery Act 2015, and the EU working time directive. Please note that these laws and regulations may require further actions from your organisation to ensure compliance.
09) Does your organisation conduct assurance activities against its suppliers to ensure they are compliant with all applicable human rights laws and regulations?
Answer yes if your organisation conducts supplier assurance to ensure your suppliers are compliant with all applicable human rights laws and regulations. Describe the nature and frequency of the assurance in the notes.
10) Does your organisation provide a grievance mechanism for workers to raise workplace concerns?
Answer yes if your organisation has a mechanism in place (backed up by a written policy document with a defined process) that allows employees and contractors to address grievances relating to their employment. Please upload the policy document (as a PDF file) as evidence.
11) Does your organisation have a documented diversity and inclusion policy?
Answer yes if your organisation has a documented diversity and inclusion policy that outlines the organisation's commitment to providing an inclusive and supportive environment for staff, contractors and visitors that is free from discrimination.
12) Does your organisation provide a confidential method (also known as a whistleblowing procedure) for employees and contract staff to freely report any perceived issues that might impact your clients or their customers?
Answer yes if your organisation has a defined and documented procedure that enables employees and contract staff to report any incidents or perceived issues confidentially. This is typically provided through a confidential phoneline or email address. Please outline the process in the notes section provided, or upload a policy or process document (as a PDF file) as evidence.
13) Does your organisation clearly inform employees and contract staff how to access and utilise the whistleblowing procedure to confidentially report any issues?
Answer yes if your organisation clearly informs all employees and contract staff how to access and utilise the whistleblowing procedure.