New updates and improvements to Risk Ledger
When assessing their suppliers, companies are always looking for ways to verify what suppliers claim to do. With External Monitoring (Beta), we're complementing supplier assessments with external, objective data to verify their security posture.
This month, we're expanding these capabilities with port scanning and enhanced findings navigation.
Introducing Port Scanning
Port Scanning automatically checks suppliers' digital assets for open ports that are frequently targeted in cyber attacks.
We focus on the most critical vulnerabilities across remote access, databases, web services, file sharing, and infrastructure—reducing noise whilst surfacing the findings that matter most.
Like all External Monitoring features, port scanning results appear directly within your suppliers' profiles alongside their assessment responses, giving you the complete picture without having to jump back and forth between different tools.
Updated severity indicators and explainers
Based on user feedback of early versions of External Monitoring (Beta), we’ve updated our severity indicators and explainers to provide more context and transparency to users about how we assign severity ratings to scan findings.
More ways to view scan findings
We’ve introduced two new ways for Clients to quickly view Supplier scans and help prioritise the findings they should be looking at, focussing on critical issues or specific assets.
Improving the supplier onboarding flow
We’re also simplifying the supplier onboarding flow to speed up assessment completion times. So far, we’ve introduced some design changes to the initial signup flow to make the experience more enjoyable for new users.
As more organisations join the Risk Ledger network and supply chain maps become increasingly complex, we wanted to ensure our visualisation tools could handle even the most intricate supplier relationships without compromising on performance or clarity.
This month, Network Visualisation got significant performance improvements and enhanced usability, making it easier to see and understand the connections throughout your supply chain, from third parties all the way down to sixth-parties and beyond.
We've overhauled the performance of our network graphs. Whether you're viewing your own supply chain or the most complex, interconnected supplier network, the visualisation now runs smoothly without lag or delays. This improvement ensures that even organisations with extensive nth-party relationships can explore their networks seamlessly.
You can now jump directly to the network visualisation from any Supplier Profile. This new feature provides immediate access to both your supply chain and community network (if you're part of a community), making it easier to understand how each supplier fits within your broader ecosystem.
Better supplier identification: Hover over any node in the network map to quickly see the supplier’s name. Click on each node to explore nth party connections and understand the full relationship chain.
Clearer connection paths: We've made design improvements that make it easier to see how suppliers connect to your organisation, helping you trace relationships and dependencies more effectively.
Compliance score visibility: Nodes now clearly indicate which suppliers have compliance scores and which don't. Green nodes represent suppliers with completed assessments, whilst white nodes help you quickly identify unclaimed profiles, incomplete assessments, or suppliers where policies haven’t been applied yet.
Note: These improvements apply to both your own supply chain graph and the community network map, if you’re part of a community.
Earlier this month, we launched Product Level Answers, a fundamental update to our assessment that allows suppliers to accurately represent varying security controls across multiple products, within a single profile.
Instead of maintaining separate accounts or duplicating information, suppliers can set organisational-level answers as a baseline and highlight the differences where security controls vary by product. Suppliers can then share precise and relevant information with each client and Clients can clearly identify security control variations across different products, leading to more accurate risk assessments.
Sign up to our monthly newsletter to receive exclusive research and analyses by our experts, the latest case studies from our clients as well as guides, explainers and more to turn your supply chain risk management programme into a resounding success story.