Risk Ledger/FS-ISAC Pilot Project: Identifying Concentration Risks in FS Supply Chains

Risk Ledger is running a joint trial project with FS-ISAC in the UK to understand the number and types of concentration risks that exist within the supply chains of financial services firms.

The project will give participating FS-ISAC members greater visibility into their extended supply chains, including 4th, 5th and nth parties, to increase operational resilience and meet some DORA requirements. Upon completion of this trial project, we are planning to run a larger project with FS-ISAC members.

Register today to receive the final report at the end of the project, including key findings, recommendations and details on how to join a potential follow-up project.

Receive the final project report upon release

National Health Service
Quilter
BAE Systems
Telenor
Civil Aviation Authority
Village Hotels
SGN
Succession Wealth
First Sentier Investors
Welsh Water
Scoutbee
Simply Business
Arqiva
Yieldbroker
Times Higher Education World University Rankings
Pennon
Govia Thameslink Railway
Schroders Personal Wealth
Anglian Water
Gnatta
Synectics Solutions
PR Gloo
UK Health Security Agency
Manchester Police
Department for Environment & Rural Affairs
Police Digital Service
Cheshire Constabulary
Southern Water
Yorkshire Water
Portsmouth Water
Thames Link
Upvest
Crowe
Zenseact

Project Details:

The project will allow FS-ISAC members to connect to their suppliers on the Risk Ledger platform, and provide project participants with data on the security and resilience of their connected suppliers.

The project will use Risk Ledger’s relationship-based data to map out the supplier ecosystems of the project participants, and help them identify 4th, 5th and nth party relationships and dependencies.

The project will use Risk Ledger’s concentration risk algorithm to automatically detect suppliers who introduce concentration risks to the FS supplier ecosystem.

The project will enable FS-ISAC members to collaborate with each other and share new data to enhance their TPRM processes as part of an FS-ISAC led community.

How a Tier-1 Bank Used Risk Ledger to Identify Concentration Risks


A tier-1 bank used Risk Ledger during a cyber innovation challenge to uncover potential blind spots further down their supply chain. Their aim was to showcase their supply chain map in a meeting with regulators the following week. Within 48 hours they were able to get a clear overview of their entire supply chain, far beyond their immediate direct suppliers.

What they discovered:
Using Risk Ledger, the bank was able to identify:

- 14 third parties
- 36 fourth parties
- 175 fifth parties
- 15 sixth parties
- 27 seventh parties
- and crucially, 7 concentration risks

In addition, by uncovering these dependencies in their supply chain, they were able to trace the knock-on effects of potential emerging supply chain attacks such as SolarWinds or Log4j.

Who Are Risk Ledger?

Risk Ledger, the cutting-edge third-party risk management platform, empowers security and procurement teams to Defend-as-One by visualising and managing their entire supply chain in real time. Our collaborative approach enhances supply chain security, reduces compliance burdens, and strengthens your organisation's defence, because every link matters in cybersecurity.

Access a large existing supplier network

Gain immediate access to the security information of thousands of suppliers already in our network. Connect with them in a matter of minutes and review their peer-reviewed security profiles. On average, organisations joining Risk Ledger find that between 40% and 60% of their existing suppliers are already using our platform.

Gain real time security data and automate re-assessments

Point-in-time supplier questionnaires make it difficult to track your suppliers’ controls. On Risk Ledger, suppliers maintain one profile through automated reassessment notifications, helping you access live information without the hassle of back and forth emails. This unlocks standardised reporting across your whole supply chain.

Use our comprehensive security framework updated against the latest regulations & directives

Throw away old spreadsheets and questionnaires. Our supplier assessment framework is updated regularly against the latest cybersecurity directives and industry regulations, taking the burden of maintenance away from you whilst providing comprehensive supplier assessments against control questions across 12 security domains.

Visualise and map concentration risks

Through our powerful visualisation, you can now identify previously unseen 4th/5th/nth party vulnerabilities. Be one step ahead and manage industry wide concentration risks. Gain insight into where you sit within the broader financial sector's supply chain ecosystem.

Continuous monitoring of suppliers' security controls

Improve your operational resilience through real time security data across your whole supply chain and make better informed decisions. Risk Ledger combines both "inside-out" control-assessment data directly sourced from inside suppliers' organisations with "outside-in" scan data, providing a unique and comprehensive evaluation.

Join a Community of Peers to Defend-as-One

Join a dedicated community for financial services firms on Risk Ledger to collaboratively improve your security, identify shared suppliers to reduce the burden of reviews, and reveal shared systemic risks. Work with peers to understand dependencies and triage risks together for more effective TPRM and incident response.

Defend your supply chain with Risk Ledger.