Risk Ledger is a data sharing platform that has been built to help companies collect security assurance over their Suppliers in a simple, efficient, and secure manner.
What is security assurance?
Today, every time a company buys a service or enters into a contract with a Supplier, they have to place some form of trust in that relationship. Whether the relationship involves sharing data, creating a network connection, or giving the Supplier access to their office, the Client (this is what we call companies who are using the services of a Supplier) has to make sure that the Supplier is secure enough to protect that trust. This process of a Client checking that its Suppliers are secure is know as security assurance - they are getting assurance over their Suppliers' security.
Previously, Clients used spreadsheet based security questionnaires to do this. Before entering into a contract, and every year thereafter, the Client would use a tool such as a spreadsheet to ask all of their Suppliers about the security controls that they had implemented.
This was costly and inefficient for both the Clients (who may have thousands of suppliers) and their Suppliers (who often had to answer multiple questionnaires from multiple clients, every week).
How does Risk Ledger help?
Risk Ledger is a tool that allows Suppliers to easily complete one standard security assessment and share it with multiple Clients, saving them time.
Clients join the platform and input their security Policies (these are the security requirements that they expect their Suppliers to meet). They then invite their Suppliers onto the platform, or connect with the Suppliers if they are already using Risk Ledger.
The Suppliers complete an assessment against our Supplier Assessment Framework (SAF), and this is then compared against their Clients' Policies and made visible to the their Clients' security team.
Suppliers can accept connection requests from multiple Clients, reducing the need for them to complete separate security assessments for each Client that they work with. Remediation requests and actions can also be tracked through the platform by both the Clients and Suppliers.
What are the benefits for Suppliers?
- Reduced number of time consuming security questionnaires;
- A helpful knowledge base to up-skill and support them through the process of improving their cyber security;
- A one stop place for organisations to understand what security they have to implement to be compliant with their Client contracts;
- It's free!
What are the benefits for Clients?
- Rapidly collect security assurance over your whole supply chain with ease, saving you time and money;
- Help to comply with key regulation such as GDPR, NYDFS Cyber Security Regulation, and FCA SYSC 8.1.;
- Avoid giving your Suppliers extra work;
- Know that Risk Ledger are supporting your Suppliers by giving them the tools and knowledge they need to improve their security.