Changelog

‍

Earlier this month, we launched Product Level Answers, a fundamental update to our assessment that allows suppliers to accurately represent varying security controls across multiple products, within a single profile.

Instead of maintaining separate accounts or duplicating information, suppliers can set organisational-level answers as a baseline and highlight the differences where security controls vary by product. Suppliers can then share precise and relevant information with each client and Clients can clearly identify security control variations across different products, leading to more accurate risk assessments.

‍

Product Level Answers enhances the way suppliers share their security controls across multiple products by allowing companies to set up  and maintain multiple products from a single supplier profile.

With this new feature, suppliers can now:

• Maintain organisational-level answers as the baseline — Set your standard security controls once and apply them across your entire portfolio
• Highlight differences only where security controls vary by product — No need to duplicate information, simply note the exceptions
• Share exactly what's relevant with each client — Provide clients with security information specific to the products they use
• Download assessment answers with product differences — Export comprehensive reports that clearly demonstrate product-specific security measures
• Stop juggling multiple accounts and duplicated information — Manage everything from a single, streamlined interface
  

‍

While Risk ledger’s full and standardised framework offers a comprehensive assessment of larger and critical suppliers. However, what has become more evident over time that increasing the visibility and coverage of your less critical or smaller suppliers has a  compounding effect.

The original full framework with its 192 controls across 10 security domains provides you with   the depth and coverage needed to ensure that your larger and more critical suppliers have a strong security posture in place. We have now introduced an additional and lighter version with only 44 control questions to ease the burden on smaller and less critical suppliers. This new configuration method allows flexibility and wider coverage of your supplier network, increasing uptake and engagement from your smaller or less mature suppliers. This is especially beneficial for those suppliers with limited resources, or which are in the earlier stages of developing their security practices.

But flexibility is key. Following this change, you now have the ability to adjust the scope of assessment questions based on your evolving relationship or changes in your suppliers’ risk profiles or your risk appetite. Either increase the assessment if a supplier becomes more critical or high risk, or decrease the assessment scope for smaller or lower-risk suppliers to increase their engagement with your programme.