Pattern Trapezoid Mesh

Changelog

New updates and improvements to Risk Ledger

September 4, 2025

August 2025: Deeper supply chain visibility and streamlined collaboration

This month brought significant enhancements to how you visualise and understand your extended supply chain.

With the launch of Fourth Parties, you can now map critical dependencies beyond your direct suppliers, whilst our improved Network Visualisation makes it easier to spot concentration risks across complex supplier networks.

We've also refined our assessment framework and enhanced supplier collaboration tools to drive faster, more accurate risk assessments.

New Feature: Fourth Parties

Client and supplier relationships are complex and ever-evolving. You need a real-time, comprehensive overview of your suppliers’ suppliers to identify and understand changing critical dependencies and concentration risks.

We launched Fourth Parties to solve this. Clients can get true visibility of their suppliers’ critical suppliers, plotted in our Network Visualisation tool for faster, deeper supply chain analysis.

  • Spot concentration risks hidden further down your supply chain
  • Meet regulatory requirements such as DORA and PRA SS2/21
  • Scale your analysis as your supply chain grows in complexity

Here’s how it works:

  • Supplier declaration: Suppliers can now add their own critical suppliers (name and website) directly to their profile, and share it with all their clients on Risk Ledger.
  • Client visibility: Connected clients can see each supplier’s critical relationship within their active supply chain network.
  • See the bigger picture: Clients can see all fourth parties even if they aren’t yet on Risk Ledger.

Fourth Parties is now live on the Risk Ledger Supply Chain Security Platform ready for Clients and Suppliers to explore.

You can learn more about the feature on our blog or in our Help Center.

Smarter, cleaner Network Visualisation

Along with the launch of Fourth Parties, we continued to enhanced our Network Visualisation tool to ensure it gives businesses a clear and accurate picture of how businesses are connected to one another across multiple tiers of relationships.

What’s changed:

  • Clearer visual differentiation between third-, fourth-, and nth party nodes on the map
  • When you select a supplier, you’ll now see what degree of connection it is
  • Improved design of the supplier information box so it’s clearer to see compliance scores, how to view the suppliers’ profile and open risks
  • Updated colours to meet accessibility standards
  • Fixed a bug to show 0% compliance scores for basic connections with no assessments or  when an assessment is incomplete

Framework update August 2025

We update our Standardised Assessment Framework every six months to ensure that the framework remains relevant to changing regulatory and business demands, while maintaining consistency for clear comparison.

In our latest update, these are the changes we made:

  • A few small grammatical changes to questions and descriptions
  • Requesting specific documentation as evidence for ISO27001 and PCI DSS
  • Updating the MFA control question (D6) to ensure it includes customer-facing applications, especially now that suppliers can list multiple products on their Risk Ledger profile
  • Updating controls D23-27 to move away from specifically targetting laptops to instead covering all endpoints (laptops, desktops, mobile phones etc.), and breaking this down to organisation-issued devices and BYOD.
  • Simplifying scoping questions to help suppliers when they first complete their profile
  • Adding a new control question (K1) about AI Policy, in response to developments in AI risk governance standards.

You can learn more about what this means for Clients here, and Suppliers here.

Enhanced supplier onboarding and collaboration

For Suppliers to complete an assessment, it takes multiple people across different teams to work together. So, we’re improving how Supplier teams collaborate on Risk Ledger with these new features:

  • Streamlined onboarding experience - Completely redesigned the supplier onboarding flow and simplified scoping questions with to deliver better supplier experiences and reduce the time it takes to complete an assessment.
  • Supplier primer emails - Before inviting colleagues to join Risk Ledger, suppliers can now send a pre-written primer email to provide context about Risk Ledger and what's expected of them.
  • Improved colleague invitations - We've updated the invitation email to provide more context about Risk Ledger and offer detailed next steps for new users.

Other improvements

  • Supplier Assessments - Fixes and improvements to filters and text searches for assessment answers.
  • External Monitoring - Added "Informational" filter in the Findings table to make it easier to filter for the right findings.
  • PDF Exports Now Include a Date Stamp - Added a date stamp to all PDF exports so you can use these reports as snapshot of evidence for your security assessments and audits.

August 5, 2025

July 2025: Expanding External Monitoring (Beta)

When assessing their suppliers, companies are always looking for ways to verify what suppliers claim to do. With External Monitoring (Beta), we're complementing supplier assessments with external, objective data to verify their security posture.

This month, we're expanding these capabilities with port scanning and enhanced findings navigation.

Introducing Port Scanning

Port Scanning automatically checks suppliers' digital assets for open ports that are frequently targeted in cyber attacks.

We focus on the most critical vulnerabilities across remote access, databases, web services, file sharing, and infrastructure—reducing noise whilst surfacing the findings that matter most.

Like all External Monitoring features, port scanning results appear directly within your suppliers' profiles alongside their assessment responses, giving you the complete picture without having to jump back and forth between different tools.

Updated severity indicators and explainers

Based on user feedback of early versions of External Monitoring (Beta), we’ve updated our severity indicators and explainers to provide more context and transparency to users about how we assign severity ratings to scan findings.

  • New severity indicators - We’ve introduced specific severity indicators to show the number of critical, high, medium, or low findings per scan category. We are pivoting from aggregated indicators to individual indicators.
  • Better documentation - We’ve created detailed Help Centre documentation to explain severity levels and provide relevant examples.
  • Additional help within the platform - A new legend is now accessible from multiple points within the experience, offering in-platform explanations of each severity level.

More ways to view scan findings

We’ve introduced two new ways for Clients to quickly view Supplier scans and help prioritise the findings they should be looking at, focussing on critical issues or specific assets.

  • Monitoring Dashboard: A centralised view on the Supplier Overview displaying a summary of latest scan results.
  • Enhanced Findings Table: New "Findings" tab now live in External Monitoring alongside existing Scans and Assets sections. Clients can now efficiently review across their entire supplier’s assets, with clear pathways from overview dashboards.

Improving the supplier onboarding flow

We’re also simplifying the supplier onboarding flow to speed up assessment completion times. So far, we’ve introduced some design changes to the initial signup flow to make the experience more enjoyable for new users.

July 1, 2025

June 2025: Faster and smoother Network Visualisation

As more organisations join the Risk Ledger network and supply chain maps become increasingly complex, we wanted to ensure our visualisation tools could handle even the most intricate supplier relationships without compromising on performance or clarity.

This month, Network Visualisation got significant performance improvements and enhanced usability, making it easier to see and understand the connections throughout your supply chain, from third parties all the way down to sixth-parties and beyond.

Major performance boost for complex supply chains

We've overhauled the performance of our network graphs. Whether you're viewing your own supply chain or the most complex, interconnected supplier network, the visualisation now runs smoothly without lag or delays. This improvement ensures that even organisations with extensive nth-party relationships can explore their networks seamlessly.

Direct access from Supplier Profiles

You can now jump directly to the network visualisation from any Supplier Profile. This new feature provides immediate access to both your supply chain and community network (if you're part of a community), making it easier to understand how each supplier fits within your broader ecosystem.

Enhanced usability improvements

Better supplier identification: Hover over any node in the network map to quickly see the supplier’s name. Click on each node to explore nth party connections and understand the full relationship chain.

Clearer connection paths: We've made design improvements that make it easier to see how suppliers connect to your organisation, helping you trace relationships and dependencies more effectively.

Compliance score visibility: Nodes now clearly indicate which suppliers have compliance scores and which don't. Green nodes represent suppliers with completed assessments, whilst white nodes help you quickly identify unclaimed profiles, incomplete assessments, or suppliers where policies haven’t been applied yet.

Note: These improvements apply to both your own supply chain graph and the community network map, if you’re part of a community.

Pattern Trapezoid Mesh

Join our growing community

Sign up to our monthly newsletter to receive exclusive research and analyses by our experts, the latest case studies from our clients as well as guides, explainers and more to turn your supply chain risk management programme into a resounding success story.