Changelog

When assessing their suppliers, companies are always looking for ways to verify what suppliers claim to do. With External Monitoring (Beta), we're complementing supplier assessments with external, objective data to verify their security posture.

This month, we're expanding these capabilities with port scanning and enhanced findings navigation.

‍

Introducing Port Scanning

Port Scanning automatically checks suppliers' digital assets for open ports that are frequently targeted in cyber attacks.

We focus on the most critical vulnerabilities across remote access, databases, web services, file sharing, and infrastructure—reducing noise whilst surfacing the findings that matter most.

Like all External Monitoring features, port scanning results appear directly within your suppliers' profiles alongside their assessment responses, giving you the complete picture without having to jump back and forth between different tools.

‍

‍

Updated severity indicators and explainers

Based on user feedback of early versions of External Monitoring (Beta), we’ve updated our severity indicators and explainers to provide more context and transparency to users about how we assign severity ratings to scan findings.

• New severity indicators - We’ve introduced specific severity indicators to show the number of critical, high, medium, or low findings per scan category. We are pivoting from aggregated indicators to individual indicators.
• Better documentation - We’ve created detailed Help Centre documentation to explain severity levels and provide relevant examples.
• Additional help within the platform - A new legend is now accessible from multiple points within the experience, offering in-platform explanations of each severity level.

More ways to view scan findings

We’ve introduced two new ways for Clients to quickly view Supplier scans and help prioritise the findings they should be looking at, focussing on critical issues or specific assets.

• Monitoring Dashboard: A centralised view on the Supplier Overview displaying a summary of latest scan results.
• Enhanced Findings Table: New "Findings" tab now live in External Monitoring alongside existing Scans and Assets sections. Clients can now efficiently review across their entire supplier’s assets, with clear pathways from overview dashboards.

Improving the supplier onboarding flow

We’re also simplifying the supplier onboarding flow to speed up assessment completion times. So far, we’ve introduced some design changes to the initial signup flow to make the experience more enjoyable for new users.

‍

As more organisations join the Risk Ledger network and supply chain maps become increasingly complex, we wanted to ensure our visualisation tools could handle even the most intricate supplier relationships without compromising on performance or clarity.

This month, Network Visualisation got significant performance improvements and enhanced usability, making it easier to see and understand the connections throughout your supply chain, from third parties all the way down to sixth-parties and beyond.

Major performance boost for complex supply chains

We've overhauled the performance of our network graphs. Whether you're viewing your own supply chain or the most complex, interconnected supplier network, the visualisation now runs smoothly without lag or delays. This improvement ensures that even organisations with extensive nth-party relationships can explore their networks seamlessly.

Direct access from Supplier Profiles

You can now jump directly to the network visualisation from any Supplier Profile. This new feature provides immediate access to both your supply chain and community network (if you're part of a community), making it easier to understand how each supplier fits within your broader ecosystem.

Enhanced usability improvements

Better supplier identification: Hover over any node in the network map to quickly see the supplier’s name. Click on each node to explore nth party connections and understand the full relationship chain.

Clearer connection paths: We've made design improvements that make it easier to see how suppliers connect to your organisation, helping you trace relationships and dependencies more effectively.

Compliance score visibility: Nodes now clearly indicate which suppliers have compliance scores and which don't. Green nodes represent suppliers with completed assessments, whilst white nodes help you quickly identify unclaimed profiles, incomplete assessments, or suppliers where policies haven’t been applied yet.

Note: These improvements apply to both your own supply chain graph and the community network map, if you’re part of a community.

‍

‍

Earlier this month, we launched Product Level Answers, a fundamental update to our assessment that allows suppliers to accurately represent varying security controls across multiple products, within a single profile.

Instead of maintaining separate accounts or duplicating information, suppliers can set organisational-level answers as a baseline and highlight the differences where security controls vary by product. Suppliers can then share precise and relevant information with each client and Clients can clearly identify security control variations across different products, leading to more accurate risk assessments.