Duffel
https://duffel.com/
Duffel is focused on democratising the travel industry through the use of easy-to-use APIs. They build infrastructure that underpins the travel industry in an effort to make it accessible for anyone who wishes to sell travel.
| Question | Answer |
|---|---|
Does the supplier hold ISO27001, or other externally validated certificate that is in line with or exceeds ISO27001? | No |
Does the supplier encrypt personal data at rest and in transit? | Yes |
Does the supplier adhere to the principle of least privileged and have access control processes in place? | Yes |
Does the supplier have processes in place to address risk management? | Yes |
Does the supplier train and engage their employees to become cyber aware? | Yes |
Does the supplier have a process to manage assets throughout their lifecycle, including security and destruction? | Yes |
Does the supplier have a process to manage disaster recovery and the backups of critical systems? | Yes |
Does the supplier have a processes in place to identify and remediate vulnerabilities such as penetration testing or vulnerability scanning? | Yes |
Does the supplier have logging and monitoring in place to identify incidents with their assets and data? | Yes |
Does the supplier have an incident management process in place? | Yes |
Does the supplier have process in place to protect and manage their supply chain? | Yes |
Are there contracts that cover security requirements, data protection requirements and confidentiality? | Yes |
Does the supplier have a quality management system in place? | No |
Last updated