Resources

Academy

Mastering supply chain risk and creating a world-class supply chain risk management programme with the help of Risk Ledger’s educational resources.

Featured

Securing UK Energy Supply Chains: How Ofgem’s Adapted CAF Profile Sets a New Standard

UK energy security hinges on robust Third-Party Risk Management (TPRM). Discover how Ofgem's Adapted CAF Profile enforces new, prescriptive standards for supply chain cyber security, demanding continuous assurance and zero-trust principles for critical vendors.

September 26, 2025

・

8

mins read

Risk Ledger

Company

Assessment Framework

Everything you need to know about our standardised supplier assessment framework and how it maps to leading frameworks like NIST, ISO 27001 and ISO 27002, CIS, COBIT, and others.

Supply Chain Maturity Quiz

How mature is your organisation’s supply chain risk management programme, and what can you do to take it to the next level? Find out today.

Data & Security Framework

Risk Ledger is a security platform built by people who care about security for people who care about security. This outlines Risk Ledger’s approach to security.

Recent Explainers & Guides

Explainers & Guides

Are APIs Becoming the New Frontline for Supply Chain Cyber Attacks?

This article examines the proliferation of APIs in IT ecosystems, the associated cyber security risks, and how organisations can protect their supply chains against API-related attacks.

Addressing the Growing Supply Chain Cyber Threats Facing the UKs Critical Energy Infrastructure

Geopolitical upheaval and growing cyber threats are putting UK energy supply chains at risk. In this article, we explore ways to secure critical national infrastructure against this growing threat through collaboration.

Data Protection and Confidentiality in Third-Party Risk Management

In this Explainer, we offer insights into why data protection and confidentiality should be top-of-mind of any cyber security team, and how to ensure that your external vendors and service providers to not pose a risk to your or your customers' data.

Latest Emerging Threats

Emerging Threat

Briefing Your Board on Supply Chain Attacks Like ToolShell

Discover how ToolShell exploits highlight supply chain attacks and what boards must do to assess exposure, brief leadership, and build resilience.

Chief Cyber Security Strategist

Emerging Threat

ToolShell On-Prem SharePoint Vulnerabilities: Emerging Threat Published on Risk Ledger

Microsoft has disclosed two vulnerabilities: CVE-2025-53770 (CVSS 9.8/Critical) and CVE-2025-53771. The exploit method is referred to as a “ToolShell” attack. Find out everything you need to know in this new Risk Ledger Emerging Threats blog.

Chief Operating Officer

Emerging Threat

Ivanti Connect Secure Zero-Day Exploitation: Emerging Threat published on Risk Ledger

Learn about the latest emerging threat - CVE-2025-0282 and CVE-2025-0283 affecting Ivanti Connect Secure, Policy Secure and ZTA Gateways that were detailed on 8 January 2025.

From Engineering

Engineering

Building our Public API Alpha

This week, we are excited to share with you the alpha launch of our Public API, but what goes into designing, implementing and documenting an API?

What is a floating point number, and why do they suck

Find out what a floating point number is and why they suck in this in-depth blog from one of our engineers.

Git Techniques at Risk Ledger

A deep dive into common Git techniques our Product Engineers use at Risk Ledger.

Get the security manager's briefing

Monthly research, case studies and practical guides you won't find anywhere else.

Join thousands of security managers turning their TPRM programmes into success stories.