We appreciate that our terminology might be new to you, so below we have included a brief definition of the common terms you will come across when using Risk Ledger.
Action | An event that requires an organisation to perform a function in order to close. An action can be sent from one organisation to another and be incoming or outgoing. |
Answer | Made by a supplier to a specific control and includes notes and evidence. |
Client | An organisation that is running an assurance programme and has connections to many suppliers. |
Connection | The relationship between a client and supplier. The client can set tags on the connection. |
Control | A question that suppliers answer, and clients set requirements on. |
Domain | A grouping of controls. |
Exemption | Applied by a client to a supplier's answers, exempting them from the requirement and changing non-compliance into compliance. |
Non-Compliance | Applied by a client to a supplier's answer, changing compliance into non-compliance. |
Notification | An event that an organisation should be aware of, but may not require a response. |
Organisation | Represents the main entities that use the platform, whether as a client or supplier. |
Policy | A group of requirements, one per control. Made by clients and applied to suppliers via tags. |
Policy Stacking | A stack of Policies is the set of all Policies that apply to a single supplier. They are reconciled, with the highest level of control requirements being applied to the supplier. |
Remediation | Action applied by a client to a supplier's answer, requesting the supplier to remediate a non-compliant answer. |
Review | A confirmation from a supplier that each of their answers is up to date and correct at the time of the review. |
Supplier | An organisation that is assessed on its security controls and has connections to clients. |
Tag | A label that is applied by a client to a connection with a supplier. Includes a criticality rating, a data confidentiality rating and a PII flag. |
User | Describes an individual person's account which is associated with an organisation. |
💡 If there is anything we haven't covered, please feel free to contact us at support@riskledger.com or alternatively, select the Chat icon in the bottom right corner.