Vendor Risk Assessments

Suppliers, as a minimum, update their profile at least every 6 months and this is automated through the platform meaning at the very least you are receiving updates at least twice as much vs a manual method with zero effort on your side. Typically suppliers update their profile more often than this as they are connected with more than one customer, therefore updating their profile as they go through further reviews. Any update is communicated to you and any other client they are connected with. You are able to track any changes in the suppliers profiles in the activity tab and we send a weekly update on any change in any supplier profile. This also massively reduces the burden on re-reviews as you are constantly looking at accurate up to date information.

Yes it is a self assessment, it is an industry norm that self assessments are sufficient for supplier reviews as scanning tools cannot give us a view on internal security controls and onsite audits are over burdensome on both client and supplier resources meaning it is unfeasible to cover all vendors and impossible to continually monitor. Traditionally manual approaches also rely on self assessments but crucially are point in time assessments and are therefore out of date the moment you receive them. Taking the above into account, it therefore matters what the self assessment covers. That is why Risk Ledger has built our best in class Supplier Assessment Framework (mapping to ISO 27001, Nist800, NCSC CAF) focused on allowing the suppliers to demonstrate their specific security controls and evidence to support the client in understanding whether the supplier is appropriately complying with regulations and best practices. Risk Ledger then goes further with our unique network based approach then allowing clients to continually monitor those controls and giving visibility into 4th/5th/6th parties that is virtually impossible to achieve via any other method.

Yes, the suppliers need to be on the platform to assess 3rd parties and beyond which is why growing the network is a priority. We have onboarded over 1200 vendors from January - June 2023 alone, as a result, security professionals on Risk Ledger are constantly receiving insights beyond the 3rd party that they cannot receive via any other method. Recently, a high street bank, using Risk Ledger onboarded 14 suppliers in 2 days and immediately had visibility down to their 7th party and identified 7 previously unidentified concentration risks.