Explainers & Guides
Third-Party Data Breaches
Risk Ledger is excited to announce the launch of different framework sizes and introduce the introduction of select add-on domains. This opens up the ability to make our supplier assessment framework more accessible and available to businesses of all sizes and maturity levels. Because every link matters in the supply chain.
While Risk ledger’s full and standardised framework offers a comprehensive assessment of larger and critical suppliers. However, what has become more evident over time that increasing the visibility and coverage of your less critical or smaller suppliers has a compounding effect.
The original full framework with its 192 controls across 10 security domains provides you with the depth and coverage needed to ensure that your larger and more critical suppliers have a strong security posture in place. We have now introduced an additional and lighter version with only 44 control questions to ease the burden on smaller and less critical suppliers. This new configuration method allows flexibility and wider coverage of your supplier network, increasing uptake and engagement from your smaller or less mature suppliers. This is especially beneficial for those suppliers with limited resources, or which are in the earlier stages of developing their security practices.
But flexibility is key. Following this change, you now have the ability to adjust the scope of assessment questions based on your evolving relationship or changes in your suppliers’ risk profiles or your risk appetite. Either increase the assessment if a supplier becomes more critical or high risk, or decrease the assessment scope for smaller or lower-risk suppliers to increase their engagement with your programme.
But as we’re continuing to push the boundaries, and have increased flexibility, we are also expanding the scope, complementing our core supplier assessment framework with additional security domains and controls.
We have introduced add-on domains to complement our core supplier assessment frameworks, allowing you to tailor assessments based on your unique business needs and regulatory requirements. Add-on Domains are a set of control questions around specific themes that may not be relevant for each supplier, but are particularly relevant to others, or in the context of specific compliance requirements your organisation might face.
Initially we have converted our ESG (Environmental, Social and Governance) and a Financial Risk into add-on domains, removing them from our standardised framework, significantly decreasing the number of questions all suppliers using Risk Ledger will now need to answer.
This encourages faster completion times as with fewer questions, suppliers can complete their assessment quicker, speeding up the process of onboarding your active supply chain. For organisations in need of reviewing their suppliers’ posture with respect to these two, now add-on domains, they can still do so, but also apply them more flexibly to only a part of their suppliers. Finally, this drives relevance by ensuring that you're only collecting information that is directly relevant to your business needs.
Finally, we have refreshed our standardised control framework to keep it relevant and practical for everyone.
First off, we have created a new Artificial Intelligence Domain. With the increasing use of AI in the workplace and across business, naturally the business risk has heightened. This new domain includes 12 new controls to ensure you can assist and mitigate AI-related risks in your supply chain.
Secondly, we have added 3 new controls to the Business Resilience Domain to enhance the assessment of your supply chain’s impact on operational resilience. There is also 1 new control each in Network & Cloud Security and IT Operations domains as we continue to dive into these essential security domains and enhance the depth of assessment Risk Ledger can provide.
Finally, we have revisited 15 existing control questions and updated the clarity and industry alignment by re-wording and re-organising the controls. This ensures these controls provide clearer guidance and ensure a smoother assessment processes.
Risk Ledger is staying ahead of evolving cybersecurity threats and industry regulations, by continuing to regularly updating and increasing the flexibility of its assessment framework. This guarantees that your risk management practices are always current and aligned with the latest standards, so you can maintain compliance, reduce vulnerabilities and improve your overall security posture.
Risk Ledger transforms third-party risk management by enabling you to onboard and connect your entire supply chain, bringing every supplier into clear view. Access risk insights, mitigate emerging threats, and manage your supply chain with unparalleled confidence—all from a single, powerful platform.
Sign up to our monthly newsletter to receive exclusive research and analyses by our experts, the latest case studies from our clients as well as guides, explainers and more to turn your supply chain risk management programme into a resounding success story.
