Risk Ledger Terminology

This article will guide you through the terminology we use on the Risk Ledger platform.

Written by Kian
Updated over 11 months ago

We appreciate that our terminology might be new to you, so below we have included a brief definition of the common terms you will come across when using Risk Ledger.

Action

An event that requires an organisation to perform a function in order to close. An action can be sent from one organisation to another and be incoming or outgoing.

Answer

Made by a supplier to a specific control; includes notes and evidence.

Client

An organisation that is running an assurance programme and has connections to many suppliers.

Connection

The relationship between a client and supplier. The client can set tags on the connection.

Control

A question that suppliers answer, and clients set requirements on.

Domain

A grouping of controls.

Exemption

Applied by a client to a supplier's answers, exempting them from the requirement and changing non-compliance into compliance.

Non-Compliance

Applied by a client to a supplier's answer, changing compliance into non-compliance.

Notification

An event that an organisation should be aware of, but may not require a response.

Organisation

Represents the main entities that use the platform, whether as a client or supplier.

Policy

A group of requirements, one per control. Made by clients and applied to suppliers via tags.

Policy Stacking

A stack of Policies is the set of all Policies that apply to a single supplier. They are reconciled, with the highest level of control requirements being applied to the supplier.

Remediation

Action applied by a client to a supplier's answer, requesting the supplier to remediate a non-compliant answer.

Review

A confirmation from a supplier that each of their answers is up-to-date and correct at the time of the review.

Supplier

An organisation that is assessed on its security controls and has connections to clients.

Tag

A label that is applied by a client to a connection with a supplier. Includes a criticality rating, a data confidentiality rating and a PII flag.

User

Describes an individual person's account which is associated with an organisation.


💡 If there is anything we haven't covered, please feel free to contact us at support@riskledger.com or alternatively, select the Chat icon in the bottom right corner.
