The Supplier Register helps you track every third party that holds or accesses your organisation's data — their criticality, data protection agreements, access levels and review history — in one structured place.
Most cyber breaches don't happen by attacking an organisation directly — they happen through a supplier. The GDPR also places obligations on you as data controller to know who processes personal data on your behalf, and to have appropriate agreements in place. The Supplier Register gives you that visibility and the audit trail to prove it.
The UK GDPR requires data controllers to have Data Processing Agreements (DPAs) with suppliers who process personal data. The Supplier Register tracks DPA status across your supply chain.
Attackers increasingly target smaller suppliers to reach larger organisations. Knowing which suppliers have access to which systems and data helps you assess and manage that risk.
Cyber Essentials includes expectations around access control and third-party access. The Supplier Register directly supports your CE evidence gathering.
Each supplier record captures the full picture — not just a name and contract date, but the details that matter for data protection compliance and security risk management.
Tag each supplier as Critical, High, Medium or Low risk, and record what data they hold, where they store it, and what access they have to your systems.
Track whether a Data Processing Agreement is in place, and log any certifications (ISO 27001, Cyber Essentials, SOC 2) held by the supplier.
Log supplier reviews with a dated record of who reviewed, what risk rating was assigned, and any notes from the review. Know at a glance which suppliers are overdue.
When a supplier relationship ends, archive the record rather than delete it. The full history remains for audit purposes without cluttering your active register.
Supplier Register is included in all Cyber Assure plans. Get in touch to find out more.