On 14th February 2025, we will be making some changes to the standardised control framework within Risk Ledger.
We do this periodically so that the framework stays relevant, useful and practical for all users of the Risk Ledger platform.
All changes will be handled automatically within the platform and marked clearly with a full audit history kept within your activity feed.
This page gives you a summary of the changes that are coming. If you’d like to see the exact changes that will be made ahead of the release date, please send us a message and we can provide this in spreadsheet format.
As a client, what do you need to do?
There is nothing you need to do immediately. You can continue using Risk Ledger in exactly the same way as before. Once the changes are in place, you may wish to do the following:
Engage with your suppliers who haven't yet updated or confirmed their answers to modified control questions. Suppliers will be required to confirm their answers to modified control questions during their six-monthly re-assessment. If you’d like them to confirm or update answers before this date, you will need to prompt them by sending a discussion.
What’s changing?
14 controls will have minor wording updates to give more clarity or bring in line with common industry language.
The Cyber Essentials Plus control (B2) will be nested underneath the Cyber Essentials control (B1).