Data Security and Privacy

ISO27001 certified

Fair Supply’s Information Security Management System (ISMS) is certified against ISO27001:2013. Download our current ISO27001 Certificate of Registration.

Independent assurance

Fair Supply offers customers a tool that assists with performing screening in accordance with the GHG Protocol to determine which scope 3 activities are expected to contribute significantly to their GHG emissions inventory.

This tool uses spend and revenue data in combination with environmentally-extended multi-regional input-output analysis (EEIO) and does not require customers to have undertaken a prior assessment of the GHG inventory for each scope 3 category. This approach is set out in the data collection guidelines of the GHG Protocol’s Corporate Value Chain (Scope 3) Accounting and Reporting Standard as a recommended activity for prioritising GHG emission categories according to their magnitude.

Fair Supply also offers a detailed GHG Inventory Assessment tool in addition to the GHG Screening feature. The methodologies applied to calculate the detailed scope 3 GHG Inventory are compliant with the GHG Protocol for each category. The methodologies outlined in the GHG Protocol also inform the following climate- and emissions-related reporting frameworks:

GDPR compliant

Fair Supply complies with EU and UK GDPR requirements.
You can find more information about how we handle personal information in our Privacy Policy.

Information security governance

Fair Supply has established an information security governance framework to govern how we manage risk and develop minimum standards and measures to protect the Confidentiality, Integrity and Availability of information assets and systems.

Our ISMS supports the operationalisation of the governance framework through the development, implementation and continual improvement of technical, administrative, and operational standards and controls for managing information security risk.

Our governance framework and ISMS determine standards and measures for:

  • our organisational approach to risk management
  • information security risk management
  • vulnerability and threat monitoring and management
  • annual penetration testing
  • incident management and response plans and playbooks
  • business continuity and disaster recovery planning and testing
  • backup and restoration routines and testing
  • application security standards and secure development procedures
  • permissions and access controls according to the principle of least privilege
  • segregation of duties and defined roles and responsibilities
  • vendor and third-party risk management
  • infrastructure security and ongoing hardening
  • cryptography and passphrase policies including encryption standards for data in transit and at rest
  • physical and facilities security
  • personnel security including background checks and ongoing information security awareness training
  • asset management and destruction
  • device management and endpoint protection including disk encryption, AV and malware protection and monitoring
  • legal and regulatory compliance and contact with relevant authorities
  • privacy and other ongoing compliance requirements.

We keep it high level here on purpose. Our team can answer any security or due diligence questions that may be required for your vendor onboarding processes.

Book a demo or contact security@fairsupply.com.au.