Proactively share your Security Profile with anyone, at any time. Learn More

Our commitment to

Security & Privacy

Request access to our own Risk Ledger supplier assessment to review our full set of security information.

Data

User Data

The name, business email address, and mobile number of any authorised user who signs up to the platform.

Risk Data

Any data you submit within your risk assessment (this is generally information about how you govern risk within your company).

Your data is controlled by you.

As an organisation on Risk Ledger, only authorised users on your account can decide to share sensitive data with another organisation on the platform. The only data visible to other organisations you are not connected with is your company’s name, sector, and company number to allow connections to be requested and accepted.

In order for an organisation to connect with you and have visibility of your profile, an authorised user must approve the connection request.

Once the connection is approved it can be deleted at any time by any of your organisation’s authorised users.

If a supplier deletes a connection with a client organisation, the authorised users of that organisation have visibility of the supplier assessment as it was at the point of deletion. This is to allow an audit trail of your client's third-party risk management activities to be maintained.

If a supplier deletes their account, all personal data is removed, and clients who were connected with that supplier have visibility of their supplier assessment as it was at the point of deletion.

Security

  • Encryption

    All data sent to and from Risk Ledger is encrypted in transit. Our website, application and API are served over TLS/SSL, achieving A+ on Qualys SSL labs. We also encrypt all data at rest with the industry-standard AES-256.

  • Authentication

    Risk Ledger enforces strong authentication for both our users and employees, to protect our customers and their data. Multi-Factor Authentication (MFA) is mandatory to access the product and all our internal systems.

  • Cloud Infrastructure

    Risk Ledger services and data are hosted within hardened cloud infrastructure, managed using Infrastructure-as-Code processes. We operate over two availability zones, with robust monitoring in place. Amazon Web Services (AWS) is our primary cloud provider.

  • Independent Security Testing

    Risk Ledger undergoes regular vulnerability scanning and penetration tests by independent third-parties, testing our security controls against industry standards. In addition, all our employees complete regular information security training.

If you have any questions, or would like to report a vulnerability, please email security@riskledger.com