Skip to main content
How to Categorise & Tag Suppliers

This article explains what the 3 categories for tagging suppliers are and how to use them.

Ish Ladak avatar
Written by Ish Ladak
Updated over 3 months ago

Tagging Your Suppliers in Risk Ledger Based on Their Categorisation

You can tag your suppliers on Risk Ledger based on three categories:

  • Criticality

  • Confidentiality

  • PII (Personally Identifiable Information)

These tags will determine the risk requirements for a specific supplier and drive the policies that are set over their assessment.

The Supplier Tags can be found on the right hand side of a supplier’s Overview page:


Criticality Tag

The key question to ask is: How big of an impact would a breach of confidentiality or availability of service at a supplier impact your own business?

Critical

High impact and dependency, e.g. business highly dependent on this supplier - will cause service outage, supplier strategically significant to the business, high contract value, high risk to clients and difficult to replace.

Important

Moderate impact and dependency, e.g. bespoke service but alternatives available, disruption of service would require escalation to executive team but may not cause full service outage, potential risk to clients.

Minor

Business not dependent on this supplier, e.g. services not bespoke to business, not of strategic significance, low contract value, low risk and easy to replace.


Confidentiality Tag

The key question to ask is: What is the amount and classification of data shared with supplier?

Highly Confidential

Sharing and processing of significant amount of highly confidential data; breach would likely result in regulatory action or significant negative business impact.

Confidential

Sharing and processing of confidential data; breach may result in regulatory action or negative business impact.

Public

No sharing of confidential data; no regulatory consequences and no negative business impact in the event of a breach.

None

No sharing of data.


PII (Personally Identifiable Information) Tag

The key question to ask is: Do we share any personal data with this supplier?

Holds PII

Yes, PII is shared.

No PII

No, PII is not shared.


💡If you would like support to embed Risk Ledger into your organisation's team structure, contact us at customersuccess@riskledger.com and we can schedule a free session to support you.

Did this answer your question?