Skip to main content
All CollectionsClient Guide - Reviewing Your Suppliers
Client Onboarding Guide
Client Onboarding Guide

This directory will serve as your go-to knowledge base for getting started with Risk Ledger.

Kian avatar
Written by Kian
Updated today

We have designed the Risk Ledger platform to enable you to easily run a third-party risk management programme at speed and at scale so you can identify, measure and mitigate risks across your supply chain using data collected directly from your suppliers.

If you need support that you can't find in this guide, contact our support team using the bubble at the bottom right of your screen when you are logged into the Risk Ledger platform or on our website.

Getting Started on Risk Ledger

  1. Create your client account. This process will only take around 5 minutes to complete. Learn more about the signup flow here.

  2. Add users to effectively manage your account. The type of job roles that typically use Risk Ledger are:

    1. Cyber Security

    2. Information Security

    3. Supply Chain Assurance

    4. Information Technology

    5. Procurement

    6. Commercial

Once you have completed the above steps, check out the content below for a guide on setting up the platform and best practices.

Setting up your Tags

You can tag your suppliers on Risk Ledger based on three categories:

  • Criticality

  • Confidentiality

  • PII (Personally Identifiable Information)

These tags will determine the risk requirements for a specific supplier and drive the policies that are set over their assessment.

To find out more about tags and what each option represents, click here.

Setting up Custom Properties

Custom Properties allow you to add the Supplier context that matters to you and your team. This will help you to stay organised and give you the structured data you need when reviewing your entire supplier base. Using Custom Properties you are able to define your own Custom Properties with the types below and easily filter, sort and export your full supplier list.

To find out more about custom properties, click here.

Setting up your Supplier Labels

Labels are custom sub-categorises that can be applied to suppliers. You can create and apply custom labels to your suppliers to improve filtering, reporting and your policy setup on different groups of suppliers.

To find out more about labels, click here.

Creating and Editing Policies

Policies allow you to apply your security requirements over the suppliers to be reviewed on Risk Ledger. At their most basic, policies are a list of security controls that you require the Suppliers you work with to have implemented.

To find out more about how policies work, stacking policies and further guidance, click here.

Inviting New (Non-Existing) Suppliers to Risk Ledger

To invite a new supplier to the platform, follow these steps:

  1. Navigate to the search bar located on the left-hand side of the screen.

  2. Type the name of the supplier you wish to invite.

  3. From the search results, select the option labeled โ€œ+ Create Supplierโ€.

To find out more information on inviting your suppliers to the platform, click here.

Connecting with Existing Suppliers on Risk Ledger

If a supplier you wish to review already has an active profile on Risk Ledger, you should send them a connection request.

For more information, learn more here.

Applying Policies to Your Suppliers and Understanding the Compliance Score

As suppliers signup to the platform and complete their security profiles, you can setup your policies within Risk Ledger and assign supplier tags to automatically calculate a compliance score.

What is Compliance?

Compliance is a measure of how many of the security controls that a supplier has implemented align with the requirements that you have applied over that supplier, within your applicable policies.

How is The Compliance Score Calculated on Risk Ledger?

A suppliers compliance score is automatically calculated by looking at the applicable requirements in your policies and comparing them against a suppliers assessment to give you a percentage output as a score.

To learn more about how to manage the compliance score and how you can apply exemptions, click here.

Opening Risks Against your Suppliers Assessment

Youโ€™re able to view, open and manage supply chain risks for all of your connected suppliers within the Risks dashboard. Click Risks from the left hand side navigation menu. The dashboard displays the Risk ID number, Risk name, Supplier name and other useful data like the Risk Score and Risk Owner. The data on this table can be filtered and exported to CSV.


You can view Risks in a number of places throughout your account:

  • Risks Dashboard - the dashboard is accessed from the left hand side menu panel

  • Navigating to a Connected Supplier

    • Click into the Supplier

    • Click the Risk tab and select a Risk

    • Click the Assessment tab and expanding a control with a Risk. Click the View button next to the Risk to view the data

    • Click the Activity tab and and select an activity item relating to the Risk

Starting a Discussion with your Suppliers

You can start a discussion regarding the Emerging Threats with your supplier. To start or respond to a discussion, select the Discussion Tab which can be seen highlighted below. This page will also show a timeline of the changes you have made to your response.

Find out more by clicking here.

Remediation Requests

What is a Remediation Request?

If you have noticed that a supplier you're reviewing does not have the required security controls or policies in place, you can send a remediation request to your supplier to request they review the requirements and make any required updates.

How can I raise a remediation request on a suppliers answer?

To launch a remediation to request a formal action by your supplier for a specific control, by a certain date. For example, if your security policy requires a supplier to implement a certain control which they have not currently implemented or if a control is out of date and needs to be updated.

To learn more about remediations, click here.

Approval Workflows

Once you have reviewed a supplier on Risk Ledger, you can either approve or reject the assessment or send an approval request to a colleague via email for business approval with your recommendation based on the review.

The Different Kind of Approval Flows

  • In Platform Approval: Once a supplier profile has been reviewed by your business, you can indicate their approval status in platform.

  • Request Business Approval: When a colleague who does not have user access to Risk Ledger needs to approve a supplier, you can use the Request Business Approval Feature.

  • Assign Multiple Approvers: Multiple users can be assigned to approve a supplier or reject the supplier. The users assigned will receive an email notification requesting them to review the supplier and assign them an approval status.

To learn more about approval workflows and how to setup your approval workflows to work for you, click here.

๐Ÿ’ก If there is anything we haven't covered, please feel free to contact us at support@riskledger.com or alternatively, select the Chat icon in the bottom right corner.

Related Articles
What are the different user role types on Risk Ledger?
Which suppliers should I onboard?
How can I see an activity log as a client?
Supplier Introduction
How can I share my security profile?
Did this answer your question?