Pattern Trapezoid Mesh

Changelog

New updates and improvements to Risk Ledger

October 2, 2025

September 2025: Introducing Light and Dark Mode

We've added light and dark mode options to improve accessibility and give you more control over your Risk Ledger experience.

How to get started

Navigate to Settings > Appearance and choose from:

  • Classic – The default Risk Ledger style
  • Sync with system – Automatically matches your device's display settings
  • Light mode – Changes the entire platform to a white background, including Network Visualisation
  • Dark mode – Enables dark mode throughout the platform

Other improvements

  • Enhanced login accessibility – We've updated the login pages to use accessible form elements with improved contrast
  • Clearer mode labels – When switching between Client and Supplier views, you'll now see "Client mode" or "Supplier mode" labels for consistency across the platform and Help Centre

September 4, 2025

August 2025: Deeper supply chain visibility and streamlined collaboration

This month brought significant enhancements to how you visualise and understand your extended supply chain.

With the launch of Fourth Parties, you can now map critical dependencies beyond your direct suppliers, whilst our improved Network Visualisation makes it easier to spot concentration risks across complex supplier networks.

We've also refined our assessment framework and enhanced supplier collaboration tools to drive faster, more accurate risk assessments.

New Feature: Fourth Parties

Client and supplier relationships are complex and ever-evolving. You need a real-time, comprehensive overview of your suppliers’ suppliers to identify and understand changing critical dependencies and concentration risks.

We launched Fourth Parties to solve this. Clients can get true visibility of their suppliers’ critical suppliers, plotted in our Network Visualisation tool for faster, deeper supply chain analysis.

  • Spot concentration risks hidden further down your supply chain
  • Meet regulatory requirements such as DORA and PRA SS2/21
  • Scale your analysis as your supply chain grows in complexity

Here’s how it works:

  • Supplier declaration: Suppliers can now add their own critical suppliers (name and website) directly to their profile, and share it with all their clients on Risk Ledger.
  • Client visibility: Connected clients can see each supplier’s critical relationship within their active supply chain network.
  • See the bigger picture: Clients can see all fourth parties even if they aren’t yet on Risk Ledger.

Fourth Parties is now live on the Risk Ledger Supply Chain Security Platform ready for Clients and Suppliers to explore.

You can learn more about the feature on our blog or in our Help Center.

Smarter, cleaner Network Visualisation

Along with the launch of Fourth Parties, we continued to enhanced our Network Visualisation tool to ensure it gives businesses a clear and accurate picture of how businesses are connected to one another across multiple tiers of relationships.

What’s changed:

  • Clearer visual differentiation between third-, fourth-, and nth party nodes on the map
  • When you select a supplier, you’ll now see what degree of connection it is
  • Improved design of the supplier information box so it’s clearer to see compliance scores, how to view the suppliers’ profile and open risks
  • Updated colours to meet accessibility standards
  • Fixed a bug to show 0% compliance scores for basic connections with no assessments or  when an assessment is incomplete

Framework update August 2025

We update our Standardised Assessment Framework every six months to ensure that the framework remains relevant to changing regulatory and business demands, while maintaining consistency for clear comparison.

In our latest update, these are the changes we made:

  • A few small grammatical changes to questions and descriptions
  • Requesting specific documentation as evidence for ISO27001 and PCI DSS
  • Updating the MFA control question (D6) to ensure it includes customer-facing applications, especially now that suppliers can list multiple products on their Risk Ledger profile
  • Updating controls D23-27 to move away from specifically targetting laptops to instead covering all endpoints (laptops, desktops, mobile phones etc.), and breaking this down to organisation-issued devices and BYOD.
  • Simplifying scoping questions to help suppliers when they first complete their profile
  • Adding a new control question (K1) about AI Policy, in response to developments in AI risk governance standards.

You can learn more about what this means for Clients here, and Suppliers here.

Enhanced supplier onboarding and collaboration

For Suppliers to complete an assessment, it takes multiple people across different teams to work together. So, we’re improving how Supplier teams collaborate on Risk Ledger with these new features:

  • Streamlined onboarding experience - Completely redesigned the supplier onboarding flow and simplified scoping questions with to deliver better supplier experiences and reduce the time it takes to complete an assessment.
  • Supplier primer emails - Before inviting colleagues to join Risk Ledger, suppliers can now send a pre-written primer email to provide context about Risk Ledger and what's expected of them.
  • Improved colleague invitations - We've updated the invitation email to provide more context about Risk Ledger and offer detailed next steps for new users.

Other improvements

  • Supplier Assessments - Fixes and improvements to filters and text searches for assessment answers.
  • External Monitoring - Added "Informational" filter in the Findings table to make it easier to filter for the right findings.
  • PDF Exports Now Include a Date Stamp - Added a date stamp to all PDF exports so you can use these reports as snapshot of evidence for your security assessments and audits.

August 5, 2025

July 2025: Expanding External Monitoring (Beta)

When assessing their suppliers, companies are always looking for ways to verify what suppliers claim to do. With External Monitoring (Beta), we're complementing supplier assessments with external, objective data to verify their security posture.

This month, we're expanding these capabilities with port scanning and enhanced findings navigation.

Introducing Port Scanning

Port Scanning automatically checks suppliers' digital assets for open ports that are frequently targeted in cyber attacks.

We focus on the most critical vulnerabilities across remote access, databases, web services, file sharing, and infrastructure—reducing noise whilst surfacing the findings that matter most.

Like all External Monitoring features, port scanning results appear directly within your suppliers' profiles alongside their assessment responses, giving you the complete picture without having to jump back and forth between different tools.

Updated severity indicators and explainers

Based on user feedback of early versions of External Monitoring (Beta), we’ve updated our severity indicators and explainers to provide more context and transparency to users about how we assign severity ratings to scan findings.

  • New severity indicators - We’ve introduced specific severity indicators to show the number of critical, high, medium, or low findings per scan category. We are pivoting from aggregated indicators to individual indicators.
  • Better documentation - We’ve created detailed Help Centre documentation to explain severity levels and provide relevant examples.
  • Additional help within the platform - A new legend is now accessible from multiple points within the experience, offering in-platform explanations of each severity level.

More ways to view scan findings

We’ve introduced two new ways for Clients to quickly view Supplier scans and help prioritise the findings they should be looking at, focussing on critical issues or specific assets.

  • Monitoring Dashboard: A centralised view on the Supplier Overview displaying a summary of latest scan results.
  • Enhanced Findings Table: New "Findings" tab now live in External Monitoring alongside existing Scans and Assets sections. Clients can now efficiently review across their entire supplier’s assets, with clear pathways from overview dashboards.

Improving the supplier onboarding flow

We’re also simplifying the supplier onboarding flow to speed up assessment completion times. So far, we’ve introduced some design changes to the initial signup flow to make the experience more enjoyable for new users.

Pattern Trapezoid Mesh

Get the security manager's briefing

Monthly research, case studies and practical guides you won't find anywhere else.

Join thousands of security managers turning their TPRM programmes into success stories.