By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
DenyAccept
Supplier Assessment Framework

You focus on assessing suppliers, we’ll take care of the framework.

Our standardised framework allows you to easily compare/benchmark your suppliers, stay on top of existing/incoming regulations and focus your attention on ensuring your companies’ data is being looked after. The framework is updated every 6 months to account for any recent developments in the security landscape so you can be confident you’re asking the right questions to suppliers.

Ask a question
View Framework
Canvas
Framework

Understanding our framework

Industry-agnostic

Suitable for use across all industries, including Finance, Public Sector, Telecoms, Healthcare & Critical Infrastructure.

Standardised

Our standardised control framework covers ISO27002, the NIST Cybersecurity Framework, the NCSC Cyber Assessment Framework & Cyber Essentials.

Customisable Policies

Use policies to add flexibility to the standardised framework, reflecting your risk appetite.

Increase Efficiency

Instantly connect with your suppliers and review their regularly updated Risk Ledger security profile, eliminating back & forth of security questionnaires.

Control Based

Standardised, control-based questions make it easy for suppliers to understand and provide clear, actionable data.

Loved by suppliers

Our framework can be used by your suppliers for all their clients, reducing the assessment burden and increasing the quality of responses. Learn more

Security Risks

Security is at the heart of Risk Ledger's Supplier Assessment Framework. We cover compliance with key security certifications, ensure all relevant company policies are in place, check that major data protection legislation is being followed and explore technical controls for corporate networks, cloud environments and secure software development.

A

Security Governance

B

Security Certifications

C

HR Security

D

IT Operations

E

Software Development

F

Network and Cloud Security

G

Physical Security

H

Business Resilience

I

Supply Chain Management

J

Data Protection

K

Artificial Intelligence

Environmental, Social and Governance

Risk Ledger's Supplier Assessment Framework also covers a range of non-security risks that a third-party may pose. This includes how your organisation manages and governs its environmental and social impact. It includes checks covering financial stability and looks for policies covering health & safety, the environment and whistleblowing. It also checks that human rights regulations are being followed and that diversity & inclusion commitments are documented.

XB

Environmental, Social and Governance

Financial Risk

Financial Controls to prevent, identify, and respond to evidence of financial crime are also included in Risk Ledger's Supplier Assessment Framework. This includes checks for compliance with relevant Anti-Money Laundering (AML) regulations, applicable Anti-Bribery and Corruption (AB&C) legislation, fraud prevention and sanctions.

Network Trace
FAQ

Frequently asked questions

How often is your framework reviewed?

Can I add my own questions to the framework?

Does the framework cover ISO, NIST, DORA etc.?

Ask a question
Pattern Trapezoid Mesh

Defend against supply chain attacks with Defend-As-One.

No organisation is an island.

Book a demo
Support
Framework
Node 3
© 2025 Risk Ledger Ltd
CookiesPrivacy PolicyTerms of ServiceSecurity Profile