How Gnatta defend as one with Risk Ledger

Jack Barmby, Gnatta founder and CEO, explains how being honest about information security builds trust, and encourages collaboration with clients.

United Kingdom

We recently sat down (virtually, of course) with Jack Barmby, Founder and CEO of Gnatta, to chat about his experience using Risk Ledger. Like a lot of suppliers, Gnatta was introduced to us by one of their clients.

“Risk Ledger was imposed on us,” Jack joked. “But it turned out to be a positive thing. We saw the benefit of taking it forward and using Risk Ledger for our other clients and prospects”.

That client was a global online fashion retailer, and their request for Gnatta to create a Risk Ledger supplier profile triggered a complete shift in the way Jack and his team manage information security. As a scaling business, Gnatta was in the common position of needing someone to do the work of a CISO while not yet being mature enough to fill that role with a permanent hire.

“What it outlined was that we actually needed a central owner maintaining this stuff – instead of dragging shed loads of people away from their day jobs to manage every risk assessment that comes in,” Jack explained.

“We took on contracted help for six months and now the responsibility sits with an Information Security Manager who keeps our Risk Ledger profile updated as part of their duties. As documentation or process changes and accreditations come through the door, they’ll update those straight away”.

And that’s not the only positive change that Gnatta has made since setting up their Risk Ledger supplier profile. Jack says that joining the network has given the business a kind of strategic pipeline for what they want to develop from an information security standpoint.

Turning a no into a yes

Filling in their Risk Ledger supplier risk assessment for the first time highlighted a few gaps in Gnatta’s security controls that they needed to address to continue working with their client.

“Our profile doesn’t just show what we do. It also shows what we don’t do, which is actually just as important,” Jack told us. “It’s a balanced view that says we understand the entire sphere of what we should be doing, if it was a perfect world, and where we’ve got weaknesses.”

By being honest, Gnatta was able to build trust with their client and ultimately strengthen their relationship. In turn, their client was willing to help Gnatta improve security controls in the areas that weren’t yet up to their standards. Jack told us that treating this aspect of the buying cycle as an open dialogue gives their prospects and clients a level of comfort. Gnatta’s transparency shows that they’re serious about developing their information security where needed.

“If we’ve done certain accreditations and covered things off, of course we’re going to mention them,” says Jack. “But it’s quite a mature approach to say that you know they’re probably interested in these other security controls and we understand that we need to look at them. Generally the only thing clients want to know off the back of it is if and when we’re planning to change a no into a yes”.

That approach was instrumental recently in helping Gnatta win a five-year contract with a new client. This particular client requires their suppliers to have Cyber Essentials Plus certification and be compliant with ISO 27001. Instead of going elsewhere when they saw that Gnatta didn’t yet have these controls in place, the client simply included a clause in the contract that requires the business to work towards them.

Although it was a specific client that gave Gnatta a nudge to start, going through the Cyber Essentials Plus and ISO 27001 process will undoubtedly help Jack and his team win contracts with other clients too. And – most importantly – having these controls in place not only improves Gnatta’s information security, but strengthens the supply chain as a whole.

Less repetition, more progress

Gnatta was founded in 2014, and its market-leading platform and custom-developed workflow technology make customer contact more efficient, economic and effective. Having a Risk Ledger supplier profile injects the same efficiency, cost-saving and effectiveness into their sales processes.

“Interacting with clients is easier through Risk Ledger,” Jack explains. “We’ve got a central point for all our information security documentation that’s shareable. The links we use are unique to individual clients and they expire. The biggest tell for us is that when we share our Risk Ledger profile with clients it generally circumvents the need to fill in any other specific documentation”.

A key benefit for Gnatta is that Jack and his team no longer have to put their regular work aside to supply the same information but in several different formats to every new client. That frees up time for their Information Security Manager to focus on developing their documentation, policies and processes rather than explaining them over and over again.

Jack says the move to Risk Ledger has been a positive one for both Gnatta and their clients, making internal collaboration simpler and enabling their salespeople to provide all the right information – and then some:

“Where we win with Risk Ledger is that we give clients total clarity; not just the clarity they’re asking for. We give them every shred of information straight out the gate. Having a supplier profile has been a strategic driver for us because we can share it and collaborate internally. The backbone of our information security is under Risk Ledger and we build all of our documentation off the back of that”.

Simplify your sales processes

If, like Jack and the team at Gnatta, you’re dealing with regular risk assessment requests, why not consider joining Risk Ledger?

Supplier profiles are free and you’re in complete control over the information you share with individual clients. Your salespeople will have confidence knowing that they have all the right information at their fingertips and they won’t waste their time filling it in from scratch for every new request.

Get in touch to find out more about joining thousands of organisations that are already a part of the growing Risk Ledger network.
