Answer yes if your organisation shares any client data with any third parties, which may include sub-processors, or if your organisation relies on any third parties to deliver critical services.
If your organisation uses suppliers to fulfill services that are integral to the running of your business, or if you transfer any Client data to any third parties, answer yes. This includes online services such as Google G-Suite, Github, and CRM tools.
Due to the inter-connectivity of most organisations it is important to make sure the suppliers you choose to work with have the correct security controls in place to prevent incidents in down stream suppliers impacting the upstream supply chain.
Don’t worry, it’s easy to start doing this for free using Risk Ledger – get in touch at firstname.lastname@example.org to find out how!