Skip to main content
All CollectionsExternal Monitoring (Beta)
External Monitoring Beta: Frequently Asked Questions
External Monitoring Beta: Frequently Asked Questions

Learn about Risk Ledger's new External Monitoring feature, including how the beta program works, what security configurations we scan, data privacy details, and how to get the most out of the tool.

Dan McKenzie avatar
Written by Dan McKenzie
Updated this week

About the Beta Program

What is External Monitoring?

External Monitoring is a new feature that helps you understand your organization's security posture from an outside perspective. It currently scans your email and web security configurations to identify potential security improvements.

Why am I part of the beta?

You've been selected based on your active engagement with Risk Ledger. We value your insight and believe your feedback will help us build a better product for all suppliers. While External Monitoring is free for all suppliers, beta participants get early access and the opportunity to shape the feature's development.

How long will the beta run?

The beta program will run for several weeks while we gather feedback and make improvements. External Monitoring is free for all suppliers, both during and after the beta period.

Privacy & Security

Who can see my scan results?

During the beta, scan results are completely private and visible only to your organization. Results are not shared with any customers or other Risk Ledger users.

Is the scanning process secure?

Yes. Our scanning process:

  • Follows industry best practices for security testing

  • Only checks publicly available security configurations

  • Never attempts to exploit vulnerabilities or access private data

What data do you collect?

We only collect information from public DNS records and web server responses, similar to what any web browser would receive. This includes:

  • Email security configurations (SPF, DMARC)

  • Web security headers

  • SSL/TLS certificate information

Using External Monitoring

How do I get started?

  1. Visit the External Monitoring section in your Risk Ledger account

  2. Review any pre-populated domains

  3. Add additional domains if desired

  4. Check your initial security findings

Can I add or remove domains to scan?

Yes, you can manage your domains at any time through the External Monitoring interface.

How often are scans performed?

  • Web security checks (TLS, CSP, HSTS, HTTP headers) run daily

  • Email security checks (SPF, DKIM, DMARC) run weekly

  • You can manually trigger a rescan of email security checks at any time

  • You'll be notified of any significant changes to your security posture

Getting Help & Providing Feedback

How do I provide feedback?

We want to hear from you! You can:

  • Use the feedback button within the product

  • Book a feedback session with our team here

  • Reply to any of our beta communications

What if I find incorrect results?

Please let us know immediately through any of the feedback channels. Understanding any false positives or inaccuracies helps us improve the service.

Can I get help understanding my results?

Yes! We offer:

  • Detailed explanations within the product

  • Direct access to our team for questions

  • Help documentation for each type of security check

Future Plans

Will this eventually be visible to customers?

Yes, we plan to make External Monitoring results available to customers in the future. This will help you:

  • Demonstrate your security posture with objective data

  • Support your assessment responses with evidence

  • Show your commitment to security improvements

What features are coming next?

We're focusing on email and web security for the beta, but our roadmap includes:

  1. Enhanced Security Guidance

    • Clearer explanations of why each check matters

    • Practical steps for improving configurations

    • Industry best practice recommendations

  2. Assessment Integration

    • Connect scan results to assessment answers

    • Provide evidence of security controls

    • Combine outside-in data with your assessment responses

  3. Result Sharing

    • Share results with customers to demonstrate your security posture

    • Add context to explain your configurations

    • Show progress on security improvements

  4. Additional Security Checks

    • DNS security configurations

    • Expanded domain checks

    • More security indicators

Our goal is to help you understand your security posture and make meaningful improvements. We'd love to hear what additional security checks and guidance would be most valuable for your organization.

Technical Details

What specific configurations do you check?

Email Security

Web Security

Have another question?

Contact our Product Manager, Dan McKenzie anytime at dan.mckenzie@riskledger.com.

Did this answer your question?