MOVEit Transfer Vulnerability: Lack of Supply Chain Visibility Exacerbates Breach View Post

Framework Changes - August 2022

We've made some changes to the standardised controls framework within Risk Ledger.

We do this bi-annually so that the framework stays relevant, useful and practical for all users of the Risk Ledger platform.

New Controls

We've added 11 new controls to the framework - resulting from global user feedback and update to industry standards. For this review, we have taken the recent release of ISO 27002:2022 into consideration. The new controls cover Threat Intelligence, Privileged Access Management, Data Protection and Insurance policies.

We updated the Data Protection domain to make it relevant and useful for all organisations, regardless of their location or jurisdiction. We also added the ability for organizations to select multiple countries / regions where they store or transfer personal data to.

Updated Wording

There were changes made to 26 of the questions to make them clearer and more meaningful. You may wish to check that you're still happy with your corresponding answers, notes, and evidence. For some controls, suppliers need to confirm that their answers are still applicable. This is marked clearly within the platform.


We've changed the order of our domains to improve the experience of suppliers completing their profile for the first time.

Controls relating to Cyber Insurance have been moved from the Business Resilience domain to the Financial Risk domain, alongside the new insurance controls.

To learn more, click here to head over to our help centre.

Ready to dive in?
See Risk Ledger in action.