Security & Privacy
Join & connect to our own Risk Ledger profile to have real-time access to our security and risk controls. Or contact us to request a temporary view.
Data
The name, business email address, and mobile number of any authorised user who signs up to the platform.
Any data you submit within your risk profile (this is generally information about how you govern risk within your company).
Your data is controlled by you.
As an organisation on Risk Ledger, only authorised users on your account can decide to share sensitive data with another organisation on the platform. The only data visible to other organisations you are not connected with is your company’s name, sector, and company number to allow connections to be requested and accepted.
In order for an organisation to connect with you and have visibility of your profile, an authorised user must approve the connection request.
Once the connection is approved it can be deleted at any time by any of your organisation’s authorised users.
If a supplier deletes a connection with a client organisation, the authorised users of that organisation have visibility of the supplier profile as it was at the point of deletion. This is to allow an audit trail of your client's third-party risk management activities to be maintained.
If a supplier deletes their account, all personal data is removed, and clients who were connected with that supplier have visibility of their supplier profile as it was at the point of deletion.
Security
Encryption
All data sent to and from Risk Ledger is encrypted in transit. Our website, application and API are served over TLS/SSL, achieving A+ on Qualys SSL labs. We also encrypt all data at rest with the industry-standard AES-256.
Authentication
Risk Ledger enforces strong authentication for both our users and employees, to protect our customers and their data. Multi-Factor Authentication (MFA) is mandatory to access the product and all our internal systems.
Cloud Infrastructure
Risk Ledger services and data are hosted within hardened cloud infrastructure, managed using Infrastructure-as-Code processes. We operate over two availability zones, with robust monitoring in place. Amazon Web Services (AWS) is our primary cloud provider.
Independent Security Testing
Risk Ledger undergoes regular vulnerability scanning and penetration tests by independent third-parties, testing our security controls against industry standards. In addition, all our employees complete regular information security training.