Please note: scoping questions are only present the first time an organisation starts an assessment, and once answered they cannot be answered again. As answering them only ever triggers questions in the assessment to be pre-answered, these answers can always be changed from within the Assessment itself, after the scoping questions have been completed.

A security assessment is not a short questionnaire; the Risk Ledger Supplier Assessment Framework consists of 153 distinct controls. Scoping questions are a feature built in to Risk Ledger to try and make it easier for Suppliers to answer these 153 questions.

The scoping questions are answered before the assessment is started. Depending on how they are answered they will either pre-answer controls within the main assessment, or leave questions in the main assessment open to be answered.

For example, if the first scoping question "Does your organisation hold any certifications in information security?" is answered with a "Yes", the further questions on the assessment to do with certifications will require answering. If it is answered with a "No" then the questions within the Security Assessment domain are pre-answered with a "No", effectively shortening the assessment.

Did this answer your question?