Analysis
Information Sharing in Cyber Supply Chain Risk Management – A New Model
We've made some changes to the standardised controls framework within Risk Ledger.
We do this bi-annually so that the framework stays relevant, useful and practical for all users of the Risk Ledger platform.
We've added 11 new controls to the framework - resulting from global user feedback and update to industry standards. For this review, we have taken the recent release of ISO 27002:2022 into consideration. The new controls cover Threat Intelligence, Privileged Access Management, Data Protection and Insurance policies.
We updated the Data Protection domain to make it relevant and useful for all organisations, regardless of their location or jurisdiction. We also added the ability for organizations to select multiple countries / regions where they store or transfer personal data to.
There were changes made to 26 of the questions to make them clearer and more meaningful. You may wish to check that you're still happy with your corresponding answers, notes, and evidence. For some controls, suppliers need to confirm that their answers are still applicable. This is marked clearly within the platform.
We've changed the order of our domains to improve the experience of suppliers completing their profile for the first time.
Controls relating to Cyber Insurance have been moved from the Business Resilience domain to the Financial Risk domain, alongside the new insurance controls.
To learn more, click here to head over to our help centre.
Sign up to our monthly newsletter to receive exclusive research and analyses by our experts, the latest case studies from our clients as well as guides, explainers and more to turn your supply chain risk management programme into a resounding success story.
