ASCS in practice: How Security Leaders use Risk Ledger to strengthen supply chain security.

From Directors of IT Operations to Information Security Managers, today’s security leaders know that traditional TPRM is not up to scratch. Only 37.2% of cyber security professionals think it’s ‘truly effective’ for today’s interconnected threats. 

That’s why security leaders in heavily-regulated and highly-targeted sectors - including Financial Services, Critical National Infrastructure (CNI) and the Public Sector - are moving towards Active Supply Chain Security (ASCS).

By standardising supplier security assessments, visualising the entire supplier network, continuously identifying threats and enabling collective defence, ASCS strengthens visibility and resilience for every link in the supply chain. 

Here’s how security leaders at Crowe UK, Radius Health, ScotRail, and United Utilities are using Risk Ledger’s ASCS platform for continuous supply chain security. 

Standardised Assessment Frameworks 

Aligned to major security standards and customisable to your needs, Risk Ledger’s standardised assessment framework creates a common language of risk, improves the quality of risk data, enhances your security team’s efficiency and speeds up supplier onboarding. 

Customer Spotlight: Crowe UK

Part of Crowe Global, one of the top 10 accounting networks in the world, Crowe UK is one of the nation’s leading audit, tax, advisory and consulting firms. 

Challenge: Crowe UK was trying to ensure that hundreds of third-party suppliers abided by high security standards and upheld exemplary ESG practices. But Crowe UK’s manual TPRM process was cumbersome, time-consuming and lacked visibility on suppliers’ changing security and ESG postures. 

Solution: Crowe UK sent Risk Ledger’s standardised assessment framework - which was aligned with all leading cyber security standards, enhanced with ESG controls and provided continuous monitoring capabilities around Financial Services reporting requirements - to all of its existing and new suppliers. 

Result:

  • Ensured highest ESG standards across the supply chain.
  • Increased transparency, integrity, and validity in the suppliers’ assessment responses.
  • Reduced TPRM costs by 60%.

“Risk Ledger has allowed Crowe to run an efficient and effective third-party risk management programme, collaborating with suppliers to identify and remediate risks. Risk Ledger has reduced the time and cost of supplier risk management by around 60%.”
- Raj Lachani, Director of IT Operations, Crowe UK

Supply Chain Visualisation 

Risk Ledger visualises your entire ecosystem on a living network map, showcasing interconnected organisations at scale. With this bird’s eye view - alongside visualisation tools like heatmaps and notifications when a supplier's security profile changes - your security team can easily see vulnerabilities posed by opaque deep-tier suppliers, identify critical concentration risks and monitor shifting supply chain risks in real-time. 

Customer Spotlight: Radius Health

Radius Health is a leading US biopharmaceutical company with specialisms in bone health and related therapeutic areas.

Challenge: Radius was trusting a complex, non-linear ecosystem of vendors with critical personal and health data. While TPRM questionnaires covered Radius’ direct partners’ security, they were insufficient for identifying indirect risks, such as a vendor’s vendor (4th party) suffering a breach. 

Solution: Risk Ledger’s network model gave Radius Health full visibility over their entire supply chain beyond just direct third-party vendors and provided real-time updates on changing nth party connections. 

Result: 

  • Holistic view of supply chain risk.
  • Better understanding of third-parties’ actual cyber and risk postures.
  • Can now identify potential concentration risks where multiple direct vendors rely on a single 4th-party vendor. 

"It is critical for us to understand the cyber posture of our 3rd parties and how our data is stored with them and their partners. In this multi-tiered model, there may be indirect risks to our data and our users if a connected vendor is compromised."
- Gerry DiBona, Head of IT, Radius Health

Proactive Threat Management 

Risk Ledger overlays emerging threats on the network map in real-time, highlighting the ‘blast radius’ of impacted suppliers and showing how the impact could cascade through the ecosystem. This enables your security team to prioritise remediation and seamlessly coordinate mitigation action with suppliers to prevent attackers infecting more of the supply chain. 

Customer Spotlight: Cheshire Constabulary

Cheshire Constabulary is responsible for law enforcement in Cheshire, North West England, with nine local policing units serving one million residents. 

Challenge: Cheshire Constabulary was using point-in-time assessments, but lacked the resources to continually follow up and monitor what was happening thereafter.

Solution: Cheshire Constabulary used Risk Ledger to standardise its assessments and receive automatic alerts to changes in suppliers’ security postures. 

Result: 

  • Able to continually monitor the security of its suppliers to ensure alignment with specific police force needs. 
  • Huge time saving from no longer needing to update and review suppliers’ assessments themselves.
  • Simplified compliance audits for the Information Commissioner's Office. 

“If a supplier decided, for example, to start using a data centre in a problematic jurisdiction, we didn't have any visibility of that unless they told us...the benefit of Risk Ledger is that we are now informed automatically if an important security control like this changes.”
- Stuart Rogers, Head of IT & Information Security, Cheshire Constabulary

Defend-as-One 

With Risk Ledger’s platform acting as a single security hub for supply chain risks, your security team can seamlessly collaborate with suppliers during onboarding, share intelligence on supply chain threats and collectively respond to breaches. As such, you can optimise industry resources and strengthen network-wide resilience while improving operational efficiency. 

Customer Spotlight: United Utilities

A FTSE 100 company, United Utilities operates the regulated water and wastewater networks in North West England. 

Challenge: United Utilities relied on manual TPRM spreadsheets, which required the security team to review every single question in detail. This imposed a huge strain on the team’s productivity and frustrated suppliers, many of whom refused to do a spreadsheet.

Solution: United Utilities made it mandatory for all suppliers to use Risk Ledger’s platform. The majority of United Utilities suppliers already had peer-assessed security profiles on the platform, which simplified assessment reviews and centralised supplier assurance data in one place. 

Result: 

  • Significantly lower time burden on the security teams at United Utilities and its suppliers. 
  • Enhanced United Utilities’ engagement and relationship with its suppliers. 
  • Ensured all suppliers were compliant with NIS-D, bolstering ecosystem-wide resilience. 

“For all our industry to move all of our suppliers on the same platform, and getting these synergies, made a lot of sense.” 
- United Utilities’ Cyber Security Technical Assurance Manager

Get started with Risk Ledger’s ASCS platform

Risk Ledger is putting security leaders back in control of supply chain security. 

By helping organisations move beyond outdated TPRM software towards a more connected and continuous Active Supply Chain Security platform, we’re enabling CISOs, IT Directors, InfoSec Heads and Security Managers in highly-regulated industries to bolster supply chain resilience and defend-as-one. 
