This Supplier Onboarding Guide is designed to help your organisation get up and running on Risk Ledger. Whether you're completing your first assessment, inviting team members, or responding to client feedback, this guide will walk you through each step of the process.
Risk Ledger provides a single profile where you can demonstrate your security posture to multiple clients. This reduces duplication, streamlines compliance and helps you focus on what matters: maintaining strong security controls across your organisation and products.
This Supplier Onboarding Guide is designed to grow with you. We recommend bookmarking this page and referring back to it as needed. For more detailed walkthroughs, explore the full Help Centre or reach out to support@riskledger.com.
You can find more information regarding our Security, Privacy Policy and Terms of Service here.
Getting Started on Risk Ledger
When your organisation is invited to join Risk Ledger as a supplier, the first step is to create your account. This enables you to complete your security assessment and share relevant information with your connected clients.
Once your account is active, you’ll be prompted to complete a brief setup process. This includes answering a short set of scoping questions, which help tailor the assessment framework to your organisation’s size, structure, and risk profile. Based on your responses, Risk Ledger generates a customised set of controls for you to review and complete.
Invite Flow
If a client invites your organisation to Risk Ledger, the person receiving the invitation will be guided through account creation and profile activation after clicking the link in the received email invite.
💡 If you have already set up a profile on Risk Ledger, then you don’t need to accept an invitation - you just need to send a Connection Request to your client as outlined in the relevant section below.
Adding Users and Creating Roles
If you need to bring in colleagues to collaborate with after the initial setup, you can do so by adding users. Each invited user will receive an email prompt to join your organisation’s profile. Please note that only Admin and Lead Users can invite new users and assign roles.
Each user role provides a different level of access:
Admin: Full access to manage users and settings, accept connection requests from client organisations and complete the assessment
Lead: Same permissions as Admin but acts as your organisation’s primary point of contact for user access requests.
Edit: Can complete the assessment but cannot change account settings
View: Read-only access
Users can be added via Settings > Users & Roles.
Best Practices
Log-in Portal - To log in to the platform, please go to app.riskledger.com and sign in using your email and password. It’s worth bookmarking this page. Contact support@riskledger.com for any issues!
Personal vs Shared logins - To ensure robust security practices, we strongly encourage setting up individual user accounts for any colleagues that require access, instead of using shared logins.
Multi-factor Authentication (MFA) - We require all users to set up MFA to access Risk Ledger, using either SMS or an authenticator. More information on authentication can be found here.
Assessment, Domains, Controls & Compliance Scores
The Risk Ledger assessment is organised into domains, each covering a key area of security (e.g., Access Control, Data Protection, Physical Security). Within each domain, you’ll find specific controls to review and respond to.
For detailed information on our assessment framework, questions and supplementary information, please visit our framework Knowledge Base.
Your compliance score is calculated based on how your answers align with your clients’ policies. You can view a breakdown of your score per domain for each client via the Clients tab.
How to Utilise Auto-suggest to Speed Up the Assessment Process
Auto-suggest allows you to pre-fill multiple controls with recommended responses based on documents and evidence you upload into Risk Ledger. It’s designed to reduce the manual effort required to complete your profile. It can only be used during your initial assessment.
Auto-suggest will:
Suggest answers for applicable controls
Allow you to review and adjust them before submission (though you will still need to manually add evidence to controls if you accept one of the suggested answers)
Product Level Answers (PLA)
Product Level Answers allow you to answer certain questions at the product or service level, rather than only at the organisational level. This is particularly useful if your security controls vary across different products or services your organisation offers.
You can:
Maintain organisational-level answers as a baseline
Add product-specific responses where needed
Share tailored information with clients per product
Download your assessment with product-level differences included
Products are managed via the Settings > Products page. Once added, you can apply product-level answers directly within the assessment to specific controls.
Uploading Evidence
Where relevant, you can upload supporting evidence to provide clients with further assurance. Evidence can be added to specific controls in the form of PDF documents, images, spreadsheets, or text.
Uploaded files are encrypted and securely stored. You can control visibility on a per-client basis.
Accepting and Sending Connection Requests
Your organisation will receive Connection Requests from clients who want to view your security profile. When you accept a Connection Request, that client can access your profile and will be able to review your completed assessment.
You can also send Connection Requests to existing or prospective clients via the Clients tab. Simply search for the organisation and send a request.
Post-Assessment
Client Reviews
Once you submit your profile, connected clients are notified and will begin reviewing your responses against their internal policies.
You can track review progress and compliance status from the Clients tab.
Remediations
Clients may raise Remediation Requests if your answers fall short of their policy requirements. These will appear as action items within your assessment, and you’ll be able to provide updates and supporting evidence in response.
Discussions
Risk Ledger facilitates direct Discussions between you and your clients on specific controls. You can start or reply to discussions to clarify answers, provide context, or align on next steps.
Sharing Your Profile
You can share your security profile with additional clients who aren’t on the platform by sending them a Trust Centre Link. You only need to complete your assessment once; Risk Ledger allows you to reuse your profile with multiple clients, eliminating the need for multiple assessments.
To send a Trust Centre Link, navigate to Trust Centre and create a share link that you can forward directly or copy and paste to the right party.
Notifications
You’ll receive in-platform and email notifications for key events, including:
New connection requests
Client review updates
New remediation items
Discussion messages
Platform changes or updates
Ensure your notification settings are enabled and that key users have access to view updates in real time. You can also adjust your notifications by going to Settings > My notifications.
External Monitoring
External Monitoring is a feature that helps you understand your organisation's security posture from an outside perspective. It currently scans your email and web security configurations to identify potential security improvements.
Who can see my scan results?
Scan results are visible to External Monitoring customers, which allows them to see scan results alongside your assessment and Risk Ledger. This will help you:
Demonstrate your security posture with objective data
Support your assessment responses with evidence
Show your commitment to security improvements
How do I get started?
Visit the External Monitoring section in your Risk Ledger account
Review any pre-populated assets
Add additional assets by clicking "add asset"
Check your initial security findings
Trying Client Mode
If you’re finding value in the supplier mode of Risk Ledger, you can try client mode to begin managing your own supply chain. To do so, just switch to client mode using the toggle in the top left of the screen.
💡 For any further questions, please reach out to support@riskledger.com and we’ll be able to assist you further.
