Frequently asked questions

Supplier FAQs

Why are we asked to complete a risk assessment for our client?

Do we have to pay to use Risk Ledger?

Is Risk Ledger a secure platform?

Will my Risk Ledger assessment be visible to others on the platform?

Can I share my Risk Ledger assessment with other clients?

What happens to my data if my client no longer uses Risk Ledger?

What happens to my data when we are no longer a supplier to a client?

Who should complete the Risk Ledger assessment on behalf of our organisation?

Why do I have to sign up and create an account as a supplier?

Why do I need to provide a mobile number to sign up?

We have multiple products/legal entities. Do we need to make multiple profiles for each one?

Can I add my colleagues to work on the assessment together?

What happens if I answer "No" to a question?

Can we use Risk Ledger to run assurance against our own suppliers?

Client FAQs

How often do suppliers update their profile?

But it's still a self-assessment, i.e. I have to trust what the supplier says?

So I can see my 4th/5th/6th parties? What about ones that are not on the platform?

Does Risk Ledger help with 4th party mapping and operational resilience for EBA & DORA?

Does Risk Ledger work alongside the UK Govt cyber strategy and critical dependencies?

Does Risk Ledger meet security standards such as ISO or NCSC?

What does your framework consist of and how do we map it to ISO?

Do you rely on attestations? How do you validate the answers given?

How do I triage suppliers on Risk Ledger?

How can I use Risk Ledger to report internally (e.g. to risk committees) or externally (e.g. to auditors for ISO)?

How granular are the Risk Ledger reports?

Can I take information out of Risk Ledger and plug it into a GRC tool via an API?

What qualifies as an emerging threat?

How long does it take to publish an emerging threat?

Can we publish our own emerging threat?

Can I ask my own questions?

What if suppliers don't want to upload their security information onto the system?

Does Risk Ledger individually verify the info suppliers put on their profile?

How often is your framework reviewed?

Can I add my own questions to the framework?

Does the framework cover ISO, NIST, DORA etc.?

Is Risk Ledger a secure platform?

Why should we be running a Third-Party Risk Management programme?

How is Risk Ledger different from other Third-Party Risk Management platforms?

How much does it cost to use Risk Ledger?

Will we still get value if our suppliers are not on Risk Ledger already?

Why do I need to provide a mobile number to sign up?

Defend against supply chain attacks with Defend-As-One.

No organisation is an island.