How often do suppliers update their profile?
But its still a self assessment? i.e. I have to trust what the supplier says?
So I can see my 4th/5th/6th parties? What about ones that are not on the platform?
Does Risk Ledger help with 4th party mapping and operations resilience for EBA & DORA
Does Risk Ledger work alongside the UK Govt cyber strategy and critical dependences?
Does Risk Ledger meet security standards such as ISO or NCSC
What does your framework consist of and how do we map it to ISO?
Do you rely on attestations, how do you validate the answers given?
How do I triage suppliers on Risk Ledger?
How can I use Risk Ledger to report internally (to risk committees e.g.) or externally (to auditors like for ISO)?
How granular are the Risk Ledger reports?
Can I take information out of Risk Ledger and plug it into a GRC tool via an API?
What qualifies as an emerging threat?
How long does it take to publish an emerging threat?
Can we publish our own emerging threat
Can I ask my own questions?
What if suppliers don't want to upload their security information onto the system?
Does Risk Ledger individually verify the info suppliers put on their profile?
How often is your framework reviewed?
Can I add my own questions to the framework?
Does the framework cover ISO, NIST, DORA etc.?
Is Risk Ledger a secure platform?
Why should we be running a Third-Party Risk Management programme?
How is Risk Ledger different from other Third-Party Risk Management platforms?
How much does it cost to use Risk Ledger?
Will we still get value if our suppliers are not on Risk Ledger already?
Why do I need to provide a mobile number to sign up?