Supply Chain Security

Our organisation understands that cybersecurity doesn’t stop at our own doorstep. In a connected world, every supplier, vendor, and partner forms part of our defence perimeter. That’s why supply chain security is a key pillar of our risk management strategy.

We start with rigorous supplier risk assessments. Before onboarding, every supplier is carefully vetted. We review their security policies, request evidence of certifications, and, where necessary, conduct audits. Only those who meet our standards are cleared to handle sensitive data or integrate with our systems.

Once approved, the work doesn’t stop. We monitor all suppliers continuously, ensuring they maintain strong security postures. Contracts include mandatory security clauses, and critical suppliers are subject to annual reviews.

Our policies ensure:

• Every supplier completes a risk assessment before approval.

• Contracts enforce data protection and security standards.

• Annual reviews are mandatory for critical suppliers.

In the event of an issue, we activate our incident response procedures. Supplier-related incidents are logged, investigated and resolved using standardised forms to maintain oversight and ensure accountability.

By embedding security across the entire supplier lifecycle, we protect our organisation and clients from risks that may arise far beyond our immediate control.