Supplier and Vendor Assessment
Relevant controls: SC.12.01, SC.12.02, SC.12.03, SC.12.04, SC.11.03
All suppliers listed below are pre-approved vendors within Novo Nordisk. Each maintains its own risk profile, compliance certifications, and vendor assessment under the NN supplier management programme. Risk assessment and audit reports for these suppliers are managed centrally by NN IT and are not duplicated here.
Supplier Inventory
| Supplier | Service | Criticality |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure — ECS Fargate, ECR, DynamoDB, SSM, S3, ALB, Kinesis Firehose, CloudWatch, CloudTrail | Critical |
| Microsoft Azure (Azure AD) | Identity provider — OAuth 2.0, On-Behalf-Of token exchange, JWT validation | Critical |
| Microsoft Graph API | Data source — SharePoint, Outlook (mail + calendar), Teams (channels, messages, chats) | Critical |
| Azure Databricks | Data platform — workspace access, SQL execution | Critical |
| GitHub | CI/CD platform — GitHub Actions, source code hosting | High |
| Snyk | Security scanning — SAST, SCA, container scanning, IaC scanning | Medium |