Risk Ledger's privacy and security
Written by Haydn Brooks
Created on March 23, 2020
Modified on November 24, 2020


The security and privacy of your data are important to us, and this paper provides information about the data security and privacy controls and principles within the Risk Ledger platform.

The data we hold.

We hold two categories of data within the Risk Ledger platform:

  • User data - the name, business email address, and mobile number of any authorised user who signs up to the platform;
  • Risk data - any data you submit within your risk assessment (this is generally information about how you govern risk within your company).

Your data is controlled by you.

You have full control over who has access to your data by using connection requests. For an organisation on the Risk Ledger platform, the only data visible to organisations not connected with your profile is your company’s name, sector, and company number. In order for an organisation to connect with you and have visibility of your profile, an authorised user has to approve the connection. Once the connection is approved, it can be deleted at any time by any of your organisation’s authorised users.

If you delete a connection, the client organisation has visibility of the supplier’s assessment as it was at the point of deletion. This is to allow an audit trail of their assurance activities to be kept. If the supplier deletes their account, all personal data will be anonymised, and clients will again have visibility of the supplier’s assessment as it was at the point of deletion.

Strong access controls.

Risk Ledger enforces two-factor authentication on all user accounts as standard. This helps us to protect our users and any data within the platform. During signup we ask users to provide a mobile number to facilitate this. You may switch to an authenticator app within the user settings.

The platform is free for suppliers.

Risk Ledger’s business model is to charge companies looking to gain assurance over their supply chain, and as such, the cost for suppliers is covered by Risk Ledger’s paying clients. We do not sell your data.

Security is a priority.

At Risk Ledger, security is a top priority. All of our employees are regularly trained, and our application and underlying infrastructure are subject to regular security testing and vulnerability scanning. Risk Ledger maintains a Cyber Essentials certification.

To view information on Risk Ledger’s security programme, ask a member of our customer success team for a link to our security profile.