Industry-agnostic
Suitable for use across all industries, including Finance, Telecoms, Healthcare & Critical Infrastructure.
Standard Mappings
Our standardised framework maps to ISO27001, Cyber Essentials, the NIST Cybersecurity Framework & the NCSC Cyber Assessment Framework.
Customizable Policies
Use policies to add flexibility to the standardised framework, reflecting your risk appetite.
Increase Efficiency
Instantly connect with your suppliers and review their regularly updated Risk Ledger assessments, eliminating back & forth.
Control Based
Standardised, control based questions make it easy for suppliers to understand and provide clear, actionable data.
Knowledge Base
Our accompanying knowledge base educates all parties on risks and best practices, increasing security maturity.
Security Risks
Security is at the heart of Risk Ledger's Supplier Assessment Framework. We cover compliance with key security certifications, ensure all relevant company policies are in place, check that major data protection legislation is being followed and explore technical controls for corporate networks, cloud environments and secure software development.
Environmental, Social and Governance
Risk Ledger's Supplier Assessment Framework also covers a range of non-security risks that a third-party may pose. This includes how your organisation manages and governs its environmental and social impact. It includes checks covering financial stability and looks for policies covering health & safety, the environment and whistleblowing. It also checks that human rights regulations are being followed and that diversity & inclusion commitments are documented.
Financial Risk
Financial Controls to prevent, identify, and respond to evidence of financial crime are also included in Risk Ledger's Supplier Assessment Framework. This includes checks for compliance with relevant Anti-Money Laundering (AML) regulations, applicable Anti-Bribery and Corruption (AB&C) legislation, fraud prevention and sanctions.