Framework Domains
Supplier Assessment Framework
A: Security Governance
B: Security Certifications
C: HR Security
D: IT Operations
E: Software Development
F: Network and Cloud Security
G: Physical Security
H: Business Resilience
I: Supply Chain Management
J: Data Protection
K: Artificial Intelligence
XA: Financial Risk
XB: Environmental, Social and Governance
Domain J: Data Protection
This domain covers compliance with data protection legislation.
05) Are you PCI DSS compliant?
Answer yes if your organisation is compliant with the PCI DSS security standard. If you have certified against the standard, please provide your certificate.
03) Do employees and contractors receive an information security and data protection training programme?
Answer yes if your organisation runs an information security and data protection training programme for all of your employees and third-party contractors. Please outline the nature and frequency of the training programme in the notes section, including any additional training provided to staff with greater responsibility, more privileged system access or access to confidential data.
29) Does your organisation encrypt client data on its IT systems using appropriate cryptographic standards?
Answer yes if your organisation encrypts client data on its IT systems. Please state the encryption algorithm used in the notes.
31) Does your organisation run any applications, operating systems or hardware that are no longer supported by the vendor and no longer receive security updates?
Answer yes if your organisation uses any IT systems that include applications, operating systems or hardware (including servers, network equipment or user devices) for which the vendors do not provide regular security updates. In the notes, please describe how you discover and manage these systems, including any compensatory controls you have in place to protect them and any plans for decommissioning or replacement.
34) Does your organisation encrypt the backups using appropriate cryptographic standards to prevent unauthorised access to the backup data?
Answer yes if your organisation encrypts the backups using appropriate cryptographic standards to prevent unauthorised access to the data. Please state the encryption algorithm used in the notes section.
03) Does your organisation develop applications and systems using security best practice (for example, by following the OWASP secure coding practices)?
Answer yes if your organisation's developers are instructed to build applications and systems using defined security best practice (for example, as defined by OWASP, the Open Web Application Security Project). Please state in the notes the best practice guidance followed and whether your developers receive any additional security training.
06) Do all of your organisation's applications and systems use industry best practice for authentication, including storing all user passwords as appropriate hashes?
Answer yes if your organisation ensures that all of its applications and systems (that are developed/built in-house) use industry best practice for authentication, and that all passwords are stored as hashes using secure hashing algorithms rather than as plain text. In the notes section, where relevant, please state the name of the authentication provider used.
10) Does your organisation secure and encrypt remote connections to its network or environment using an appropriate control/protocol (for example, by using VPNs or SSH connections)?
Answer yes if your organisation forces all remote connections to its network infrastructure or cloud environment to be secured with a suitable solution such as a VPN or SSH connection. Please describe the nature of these controls in the notes section, both technical and procedural.
28) For how many months does your organisation store its user activity logs?
Answer by stating how many months the logs are kept for.
30) For how many months does your organisation store its root/super-user/administrator logs?
Please state how many months the logs are kept for.
07) Are all of your organisation's physical premises staffed 24/7 by a security team or reception team?
Answer yes if all of your organisation's physical premises are staffed 24/7 by an onsite security team, reception team, or both. If security is present for only some hours (not 24/7), please answer no and state in the notes section the times during which the premises are staffed.
06) Has your organisation conducted a regulatory compliance and security risk assessment of how your AI or AI-supported service processes and responds to client data and information?
Answer yes if your organisation has conducted and documented a regulatory compliance and security risk assessment for each AI or AI-supported service you provide. Examples of what should be considered in each risk assessment include: how the LLM service operates and is secured compared with the requirements of the EU AI Act or the OWASP Top 10 for LLM, an evaluation of output accuracy and bias countermeasures, abuse prevention measures, and the risk of intellectual property or copyright infringement claims resulting from public use of AI-generated output. Please provide supporting document(s) (as a PDF file) evidencing the assessment(s), or describe the assessment(s) in the notes section.
07) Do your AI or AI-supported service(s) encourage service users to evaluate the AI model’s responses before use?
Answer yes if you have ensured, as far as you are able, that the users of your service have reviewed and evaluated the AI model's output before use. The measures you have put in place should help mitigate the risks arising from inaccuracies or 'hallucinations' (plausible but fabricated statements) in AI outputs which, if applied without human review, can undermine integrity and mislead decision-making. Depending on the service, this could include tagging output as 'AI generated' or providing workflows that enable the review.
23) Does your organisation conduct regular assurance activities against its suppliers to ensure they are operating in line with your own environmental, social and governance policies, including checking that they are compliant with relevant laws and regulations?
Answer yes if your organisation conducts regular (e.g. quarterly or annual) supplier assurance to ensure that your suppliers meet the same standards of environmental management, social responsibility and governance that are expected of your organisation, and that they comply with all applicable laws and regulations. Describe the nature and frequency of the assurance activities in the notes. If you use a supplier management system to support this, please state which system you use.