We have designed the Risk Ledger platform to enable you to easily run a third-party risk management programme at speed and at scale so you can identify, measure and mitigate risks across your supply chain using data collected directly from your suppliers.
If you need support that you can't find in this guide, contact our support team using the bubble at the bottom right of your screen when you are logged into the Risk Ledger platform or on our website.
Getting Started on Risk Ledger
Create your client account. This process will only take around 5 minutes to complete. Learn more about the signup flow here.
Add users to effectively manage your account. The type of job roles that typically use Risk Ledger are:
Cyber Security
Information Security
Supply Chain Assurance
Information Technology
Procurement
Commercial
Once you have completed the above steps, check out the content below for a guide on setting up the platform and best practices.
Setting up your Tags
You can tag your suppliers on Risk Ledger based on three categories:
Criticality
Confidentiality
PII (Personally Identifiable Information)
These tags will determine the risk requirements for a specific supplier and drive the policies that are set over their assessment.
To find out more about tags and what each option represents, click here.
Setting up Custom Properties
Custom Properties allow you to add the Supplier context that matters to you and your team. This will help you to stay organised and give you the structured data you need when reviewing your entire supplier base. Using Custom Properties you are able to define your own Custom Properties with the types below and easily filter, sort and export your full supplier list.
To find out more about custom properties, click here.
Setting up your Supplier Labels
Labels are custom sub-categorises that can be applied to suppliers. You can create and apply custom labels to your suppliers to improve filtering, reporting and your policy setup on different groups of suppliers.
To find out more about labels, click here.
Creating and Editing Policies
Policies allow you to apply your security requirements over the suppliers to be reviewed on Risk Ledger. At their most basic, policies are a list of security controls that you require the Suppliers you work with to have implemented.
To find out more about how policies work, stacking policies and further guidance, click here.
Inviting New (Non-Existing) Suppliers to Risk Ledger
To invite a new supplier to the platform, follow these steps:
Navigate to the search bar located on the left-hand side of the screen.
Type the name of the supplier you wish to invite.
From the search results, select the option labeled โ+ Create Supplierโ.
To find out more information on inviting your suppliers to the platform, click here.
Connecting with Existing Suppliers on Risk Ledger
If a supplier you wish to review already has an active profile on Risk Ledger, you should send them a connection request.
For more information, learn more here.
Applying Policies to Your Suppliers and Understanding the Compliance Score
As suppliers signup to the platform and complete their security profiles, you can setup your policies within Risk Ledger and assign supplier tags to automatically calculate a compliance score.
What is Compliance?
Compliance is a measure of how many of the security controls that a supplier has implemented align with the requirements that you have applied over that supplier, within your applicable policies.
How is The Compliance Score Calculated on Risk Ledger?
A suppliers compliance score is automatically calculated by looking at the applicable requirements in your policies and comparing them against a suppliers assessment to give you a percentage output as a score.
To learn more about how to manage the compliance score and how you can apply exemptions, click here.
Opening Risks Against your Suppliers Assessment
Youโre able to view, open and manage supply chain risks for all of your connected suppliers within the Risks dashboard. Click Risks from the left hand side navigation menu. The dashboard displays the Risk ID number, Risk name, Supplier name and other useful data like the Risk Score and Risk Owner. The data on this table can be filtered and exported to CSV.
You can view Risks in a number of places throughout your account:
Risks Dashboard - the dashboard is accessed from the left hand side menu panel
Click into the Supplier
Click the Risk tab and select a Risk
Click the Assessment tab and expanding a control with a Risk. Click the View button next to the Risk to view the data
Click the Activity tab and and select an activity item relating to the Risk
Starting a Discussion with your Suppliers
You can start a discussion regarding the Emerging Threats with your supplier. To start or respond to a discussion, select the Discussion Tab which can be seen highlighted below. This page will also show a timeline of the changes you have made to your response.
Find out more by clicking here.
Remediation Requests
What is a Remediation Request?
If you have noticed that a supplier you're reviewing does not have the required security controls or policies in place, you can send a remediation request to your supplier to request they review the requirements and make any required updates.
How can I raise a remediation request on a suppliers answer?
To launch a remediation to request a formal action by your supplier for a specific control, by a certain date. For example, if your security policy requires a supplier to implement a certain control which they have not currently implemented or if a control is out of date and needs to be updated.
To learn more about remediations, click here.
Approval Workflows
Once you have reviewed a supplier on Risk Ledger, you can either approve or reject the assessment or send an approval request to a colleague via email for business approval with your recommendation based on the review.
The Different Kind of Approval Flows
In Platform Approval: Once a supplier profile has been reviewed by your business, you can indicate their approval status in platform.
Request Business Approval: When a colleague who does not have user access to Risk Ledger needs to approve a supplier, you can use the Request Business Approval Feature.
Assign Multiple Approvers: Multiple users can be assigned to approve a supplier or reject the supplier. The users assigned will receive an email notification requesting them to review the supplier and assign them an approval status.
To learn more about approval workflows and how to setup your approval workflows to work for you, click here.
๐ก If there is anything we haven't covered, please feel free to contact us at support@riskledger.com or alternatively, select the Chat icon in the bottom right corner.