Frequently Asked Questions

Quickly find answers to the most popular frequently asked questions.

What is the difference between encryption at rest and encryption in transit?

Encryption at rest is like storing your data in a vault; encryption in transit is like putting it in an armoured vehicle for transport.

For encryption in transit, the data is encrypted before transmission; the computer system endpoints are then authenticated; and the data is decrypted and verified on arrival. This is to protect data if communications are intercepted while data moves between two computer systems. For encryption at re…

What is the Cyber CS-1 Guideline?

A common set of minimum security guidelines created by a team of OEM Chief Information Security Officers (CISOs) including FCA, Ford, General Motors, Honda, and facilitated by the Automotive Industry Action Group (AIAG), which apply to all 3rd Parties who handle an OEM's data in an external environment.

These security requirements focus on the secure exchange and protection of information between the OEMs and their business partners, and are known as the AIAG Cyber CS-1 Guideline.

If you have any further questions regarding the SupplierAssurance platform, please use our Live Web chat where our s…

What is the Cyber Virtual Audit?

An external vulnerability scan of any internet facing systems to identify whether they could be open to attack, plus the ability to scan on a frequent basis to provide ongoing cyber assurance.

The Cyber Virtual Audit scans given IP addresses/domain names and logs any identified vulnerabilities. By providing the relevant domain names/IP addresses for your internet facing systems, a comprehensive virtual audit will be undertaken to verify that appropriate vulnerability threat protection has…

1. Go to your dashboard
2. Locate your Cyber Virtual Audit

If you have any further questions regarding the SupplierAssurance platform, please use our Live Web chat where our support team will be happy to assist you with further information and guidance.

How can I set scan exclusion times when I don't want the Cyber Virtual Audit to take place?

You can manage the virtual audit scan date/time from the Virtual Audit Schedule screen.

To access the Virtual Audit Schedule screen, please find the relevant Cyber Virtual Audit on your dashboard, and select View. The Virtual Audit Schedule is then under Options.
We recognize that there may be times of the day when you might not want a Virtual Audit to scan the IP address/domain that y…

1. Go to your Dashboard
2. Locate your Cyber Virtual Audit and select 'View'
3. Under Options on the right hand side of the page, select 'Virtual Audit Schedule'
4. Select 'Configure' next to the scan that you want to set exclusion hours for
5. Set the date and time that you want to exclude

If you…

What is phishing?

Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication.

Phishing emails distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims. A victim can receive a message that appears to have been sent by a known contact or organization, which can include co…

What is a Cyber Risk Assessment?

An online assessment that enables a business to check their implemented business and technical controls against the Cyber CS-1 Guideline. It provides a corrective action plan on areas of identified weakness to enable issues to be quickly addressed.

The Cyber Risk Assessment is comprised of either a basic or advanced set of questions (depending on the route requested by your buyer or selected by the business) and includes questions relating to a range of controls that a business should have in place to ensure effective cyber security. The control…

What is a logical access control?

Logical access controls are tools and protocols used for identification, authentication, authorization, and accountability in computer information systems.

They relate to the access of computer information systems and networks rather than physical access controls like a lock and key, and include how a user is identified, authenticated and authorized. This can include password programs, biometric access and user/role permissions to limit access to infor…

Will the Cyber Virtual Audit impact my systems while it does the scan?

The Cyber Virtual Audit is a non-intrusive external scan on the IP address or domain that you have provided and given consent for us to scan. It should have no adverse effect on your systems while the scan is undertaken.

The Cyber Virtual Audit will typically take place within the 24 hours after you have confirmed the relevant IP address/domain name details. When you provide the IP address/domain name details, you also have the option to provide specific exclusion times when you do not want the scan to take place. The…

What is a DFARS?

The DFARS provides DoD-specific acquisition regulations that government acquisition officials and contractors must follow in the procurement process for goods and services.

The Defense Federal Acquisition Regulation Supplement (DFARS) is administered by the US Department of Defense (DoD), and supplements the Federal Acquisition Regulation (FAR). The DFARS contains requirements of law, DoD-wide policies, delegations of FAR authorities, deviations from FAR requirements,…

What does vulnerability management mean?

A security practice specifically designed to proactively mitigate or prevent the exploitation of IT vulnerabilities which exist in a system or organization.

Vulnerability management is the practice of knowing what vulnerabilities (either software defects that require patches to remedy, or configuration issues that require administrative activity to resolve) are present within computer systems and checking on a regular basis, as well as assessing, triagi…

What is malware (malicious software)?

Software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

Malware is designed to covertly operate on a compromised system without the consent of the user, such as:
Trojan Horse - disguised in what appears to be legitimate software, relies on the user to download it and run it on the target.
Virus - infects other programs/files of a target via code injectio…

How do I share the Cyber Virtual Audit?

You can access the sharing options for any questionnaire using the 'share' link on the questionnaire tile. To share the Cyber Virtual Audit, you will need to add a sharing request using the 'request' option from the 'sharing' screen.

Once done, you will need to specify how you would like to share your Cyber Virtual Audit results. You can choose to share no data, a summary (which contains a count of the vulnerabilities identified and the associated threat levels) or the detailed record (which enables your buyer to download the fu…

1. Go to your dashboard
2. Locate your Cyber Virtual Audit and select 'Share'
3. Locate the customer you wish to share your results with and select 'Request'
4. Choose to share the summary or detail with your customer

If you have any further questions regarding the SupplierAssurance platform, plea…

What is a penetration test?

The practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.

A penetration test is essentially an authorized simulated cyber attack on a computer system, performed to identify weaknesses (also referred to as vulnerabilities) including the potential for unauthorized parties to gain access to the system's features and data.

If you have any further questions…

What is encryption?

The process of converting information or data into a code, especially to prevent unauthorized access.

Encryption is a term for the method by which data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key; in other words, this is the process of changing data to make it unintelligible and scrambled if accessed by an…

Can't find an answer to your question? Contact us

Still need help? Our Team is available to answer any further questions that you may have.
