S&P Global Market Intelligence LLC

Sanctions, & Adverse Media Screening

Sanctions and Adverse Media Screening is a fully automated solution that is provided as a stand-alone solution or paired with the Entity Insights solution. The solution allows users to screen entities and individuals on more than 75 global sanctions and adverse media lists. The solution returns details and source links.

Features

• Check entities against various global sanctions lists
• Screens entities against a wide range of adverse media sources
• Real-time Screening and instant on-line result
• Screening Criteria customizable to client policy
• Compliance Support
• Real-time monitoring and alerts on updates
• Integration with Entity Profiles
• Instant (online) access to sources of sanctions
• Instant (online) access to adverse media sources
• Online ability to customize and generate review reports with comments

Benefits

• Accurate, real-time data meeting regulatory requirements
• Instant reports - Entity changes flagged via API or email
• Real-time dentification of newly sanctioned entities
• Real-time notification of adverse media news published
• Reduce human error, manual processes, and data request delays
• Choose data sources that align with internal preferences
• Compliance with government sanctions (UK and foreign)
• Screening of entities and individuals – C-level, Board members, Owners

£12,700 a licence

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dpearcey@spglobal.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

499350724169521

Contact

Daniel Pearcey
+447967785826
dpearcey@spglobal.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Entity Insights (listed separately within Digital Marketplace). The two services can be procured separately, and are priced separately. If both are purchased, they can be accessed via the same web-based platform.
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements:
  • Microsoft Edge (compatible web browser, latest version recommended)
  • Google Chrome (compatible web browser, latest version recommended)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The services offered by S&P Global Market Intelligence will include the full support of a dedicated team consisting of a Relationship Manager and Client Development Team. ; Please note that the dedicated Relationship Manager will be providing 1st level support without any restrictions when it comes to: ; • Number of training/ support sessions (online, on-site) during a licensing period ; • Assistance concerning questions, clarification requests concerning the use of the service and the contractual framework. ; ; The 2nd level consisting of the Client Development Team (technical support, live chat) will be at the user’s disposal without restrictions as well.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our Customer Care is divided into 3 Tiers and there is no additional cost. There is a Client Manager and a Technical Point of Contact assigned for each Client. ; Tier 1 focuses on general questions and basic issues; ; Tier 2 focuses on technical support and quality issues, and ; Tier 3 provides training and value-added support.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide:; - Training; - Support with initial load of suppliers (mapping and entry)
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Users can download their data via APIs or extract to excel. ; Once we no longer have a legitimate business need to process your personal information/data, we follow our applicable information governance policies, procedures and standards and retain your information for as long as necessary to accomplish the purpose for which it was collected, following which we either delete or anonymize your personal information/data, or if deletion or anonymization is not possible, then we pseudonymize and/or securely store your personal information and isolate it from any further processing until deletion is possible.
• End-of-contract process: Our contracts will be subscription based and the termination covers as part of our agreement. Please note that there will not be any additional cost.; S&P Global has a detailed Exit Strategy document and process. There is a policy for deletion of data in the hosted environment that is followed up written notification of the termination of contracts. S&P Global have a company policy around the deletion of documents and this is reviewed annually. In general, we use several methods to wipe data. These methods are employed dependent on classification of data present on the system. Data is destroyed by overwriting, degaussing, or physical destruction.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Details of the API service is published on: EDD API - https://edd-web.uat.prc.ihsmarkit.com/assets/ApiDocumentation.html
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Clients can customize screening based on their policies:; - what lists they want to screen for sanctions and adverse media (out of 75 datasources); - Inclusion or not of C-levels, Board members and Owners; - What risk actors to screen for (out of 38)

Scaling

• Independence of resources: Our solution is on AWS hosted SaaS environment that is easily scaled. Each new client volume is assessed before added. The environment is monitored, and additional capacity added through AWS dynamic configuration as/when needed.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide periodic updates on consumed volumes. The metrics includes number of vendors currently added to the platform vs contracted volume.
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Our due diligence platform includes sanctions screening data from Quantifind

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Encryption at rest provides data protection for stored data (at rest). Encryption at rest is designed to prevent unauthorized users from accessing the unencrypted data by ensuring the data is encrypted on disk. In addition to satisfying compliance and regulatory requirements, encryption at rest provides defense-in-depth protection. Attacks against data at-rest include attempts to obtain physical access to the hardware on which the data is stored, and then compromise the contained data. Encryption solutions must be applied to servers, desktop computers, thumb drives, mobile devices (phones, tablets, laptops) and Cloud storage. AES 256 based encryption is used for data protection.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users can export data via APIs (JSON), Excel and PDF files.
• Data export formats: Other
• Other data export formats:
  • REST API
  • Excel
  • PDF
• Data import formats: Other
• Other data import formats:
  • Excel
  • REST APIs

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: To protect data between the buyer's network and S&P Global's network, several security measures are in place. These include:; ; Encryption: Data is encrypted using industry-standard protocols such as SSL/TLS to ensure secure communication.; Firewalls: Robust firewalls are implemented to monitor and control network traffic, preventing unauthorized access to sensitive data.; ; Access Controls: Strict access controls are enforced, ensuring that only authorized personnel can access and manage data.; ; Intrusion Detection and Prevention Systems: Advanced systems are in place to detect and prevent any unauthorized access attempts or suspicious activities.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: SPGI manages network interfaces including gateways, routers, firewalls, or encrypted tunnels implemented within a security architecture (e.g., routers protecting firewalls or application gateways residing on protected subnetworks). S&P Global's' Network Security Standard Policy defines the minimum requirements necessary for providing appropriate access controls over the SPGI network infrastructure. This standard applies to all Company owned or leased network devices, and all third-party service provider devices connected to or used to connect to the Company network for any purpose.

Availability and resilience

• Guaranteed availability: We have an uptime Service Availability of 99.98% and have never experienced substantial periods of solution unavailability. The platform is configured to industry best practice. Networks, hosts, firewalls, applications, and databases are continuously monitored for abnormal activity.
• Approach to resilience: Solution follows a multi-tier architecture with front-end web portals, middle-tier services and back-end database. Solution is hosted in AWS using account dedicated to the product group. Externally facing web portals are protected by load-balancers and firewalls. DDoS protection is implemented using AWS Shield. Database is encrypted at storage level and data is encrypted in transit end-to-end. Solution is fully developed and supported by S&P Global staff. Underlying AWS hardware infrastructure is supported by AWS.
• Outage reporting: In accordance with contractual commitments or regulatory obligations, the Company may have to report InfoSec or Data Incidents to clients or customers. ; ; S&P Global has a robust incident management process in place to report and address any outages or service disruptions. When an outage occurs, the incident management team is immediately notified and begins investigating the issue. The team communicates updates and progress through various channels, including email notifications, status updates on the S&P Global website, and direct communication with affected users. Additionally, S&P Global may utilize automated monitoring systems to detect and report outages in real-time. This allows for prompt resolution and keeps users informed throughout the process. The incident management team works diligently to minimize the impact of outages and restore service as quickly as possible.

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: S&P Global authenticates users when they access the service through a combination of username/password authentication and multi-factor authentication (MFA).
• Access restrictions in management interfaces and support channels: According to S&P Global's 'User Provisioning and Access Controls Standard', All users must have an account provisioned via the Corporate Simple Access identity management facility before being granted access to any other SPGI system or application. Users are only given those privileges and entitlements necessary to perform their functions. Access rights are not activated before authorization procedures are completed. Similarly, All access are immediately revoked for users who terminated employment. Authorized users are assigned group and role membership, and account access authorizations (e.g., privileges) and other attributes for each account.
• Access restriction testing frequency: At least once a year
• Management access authentication: Other
• Description of management access authentication: S&P Global authenticates users when they access the service through a combination of username/password authentication and multi-factor authentication (MFA).

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: S&P Global’s Information Security policies and standards are based on the best practices recommendations for information security management as published in ISO/IEC-27002 and NIST 800 Standards.
• Information security policies and processes: SPGI’s Information Security Program mission is to protect customer information and the company’s reputation and brand through well established, uniform security practices while complying with legal requirements and industry best practices. This is accomplished by having a centralized accountability function with the goal of enhancing the company’s ability to: predict security events and their relative impact to SPGI environments; prevent attacks by augmenting the enterprise security posture; detect attacks that have evaded preventative measures; respond to security events for timely remediation; and improve/update the group’s capabilities and resiliency.; ; The Chief Information Security Officer (CISO) manages and coordinates SPGI’s Information Security Program. The CISO reports to SPGI’s Chief Information Officer (CIO) who is a member of the Operating Committee and reports to the President and Chief Executive Officer (CEO) of SPGI.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We follow robust configuration and change management process. The components of S&P Global's services are tracked throughout their lifetime using a configuration management database (CMDB). The CMDB maintains record of components, including hardware, software, and network devices. Each component is assigned a unique identifier and its attributes, such as version, configuration settings, and dependencies, are documented. This allows for accurate tracking and management of components throughout their lifecycle.; ; Before implementing any changes, S&P Global assesses them for potential security impact. This assessment involves evaluating the security implications of the proposed changes, including any potential vulnerabilities or risks that may arise.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: S&P Global's Network Vulnerability Assessment Standard is designed to identify risks affecting the infrastructure of the organization and provide actionable advice to efficiently and effectively address the risk. The Network Vulnerability assessment identifies both patch-related and configuration-related vulnerabilities. Scans occur both within and without the environment. All applications will go through the threat modeling, static vulnerability assessments, dynamic vulnerability assessments (for web applications and web APIs), and manual and penetration tests if deemed necessary, during the SDLC.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: S&P Global has Cyber Incident Response Program that is managed by the Information Security Monitoring & Cyber Incident Response Team (“CIRT”) in conjunction with the Security Operations centre (SOC) where security analysts monitor security events 24x7 and escalate validated or suspicious security incidents for further probing and invoke Incident Management Procedure as necessary. The CIRT is responsible for triaging, responding to and resolving security incidents. The Cyber Incident Response Plan is intended to include all necessary processes, procedures, internal and external communication strategies, provisions for business continuity, and steps to limit disruptions in service. This plan is rehearsed annually.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The Cyber Incident Response Team (CIRT) along with Privacy/Legal team is responsible for engaging the necessary business, risk management, compliance stakeholders, customers, employees, and regulators based on the nature of the incident, legal requirements, and industry practices in accordance with the Cybersecurity Incident Response Plan. In accordance with contractual commitments or regulatory obligations, the Company may have to report InfoSec or Data Incidents to clients or customers.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  The risks and impacts of climate change pose a substantial threat to communities and ecosystems worldwide. At S&P Global, we recognize that we must do our part to address this growing crisis, as the wellbeing of our people and business is inextricably linked to the health of the communities where we live and work. In 2021, we announced our goal of achieving net-zero emissions by 2040, which included near-term 2025 targets validated by the Science Based Targets initiative (SBTi). Our approach is informed by the latest climate science aimed at limiting global warming to 1.5°C and aligns with best practice of avoiding and lowering greenhouse gas (GHG) emissions by carefully tracking and disclosing our performance, implementing energy reduction initiatives and transitioning to low-carbon energy sources. ; ; For our impact report, please refer to the link - https://www.spglobal.com/en/who-we-are/corporate-responsibility/impact-report/index; For our TCFD report, please refer to the link - https://www.spglobal.com/en/who-we-are/corporate-responsibility/tcfd-report-2023.pdf

  Covid-19 recovery

  • The S&P Global Foundation responded by channeling $4.5 million in global grants for COVID-19 relief efforts, supporting first responders, helping the hungry, providing medical supplies and meeting other critical needs, as well as providing critical aid for small businesses to help address the strain of economic uncertainty.; • We provided hospitals and governments free access to Panjiva supply chain data relating to ventilators and personal protective equipment.; • Across the globe, S&P Global team members responded too, volunteering their time and donating funds to the S&P Global Foundation to help meet the needs of their local communities. In India, during a lockdown period, our CRISIL team used their corporate kitchen to serve 10,000 meals per day to Mumbai’s most vulnerable. And in the U.S., colleagues in our California, Colorado and New York offices got to work, 3D-printing face shields for local healthcare workers.; ; For more details, please refer to the link - https://www.spglobal.com/en/who-we-are/corporate-responsibility/cr-spotlight-covid-19

  Tackling economic inequality

  The S&P Global Supplier Diversity Program provides fair and equal procurement opportunities for all capable, competitive suppliers. We welcome companies managed or led by members of all underrepresented groups, including women, veterans and other historically disadvantaged populations, to apply. Partnering with diverse suppliers is one way that we are living out our overall commitment to fostering a diverse, equitable and inclusive workplace and community.; ; Please refer; https://www.spglobal.com/en/who-we-are/diversity-equity-inclusion/supplier-diversity

  Equal opportunity

  S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law.

  Wellbeing

  S&P Global provides colleagues with a comprehensive, competitive benefits package that includes a host of programs, resources, and incentives to enable informed decisions and healthy lifestyles. Our global benefits differ from country to country, but specific offerings include flexible work environments and programs designed to promote our people’s physical, financial, mental, and emotional health.; ; To support a safe and healthy work environment, the company maintains a rigorous management system. Our facilities worldwide follow internally and externally audited occupational health and safety policies in line with ISO 45001 and ISO 14001 standards. All of our office locations follow ISO 45001, with our London office formally certified in ISO 45001. Of our office area, 49% is covered by ISO 14001 standards.; ; For more details, please visit - https://www.spglobal.com/en/who-we-are/corporate-responsibility/impact-report/our-people/employee-health-safety-and-wellbeing

Pricing

• Price: £12,700 a licence
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We offer a 30-day free trial of Entity Insights (including Sanctions & Adverse Media Screening). ; ; Includes: ; Access to a dedicated environment; Request Entity Insights reports; Download reports from the platform; Enable/disable ongoing monitoring; Support from the S&P Global Customer Success Team; ; Does not include:; API functionality; Usage beyond the scope
• Link to free trial: To register for a free trial, contact: dpearcey@spglobal.com

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dpearcey@spglobal.com. Tell them what format you need. It will help if you say what assistive technology you use.