How to Categorise & Tag Suppliers
Written by Kian
Updated over a week ago

Tagging Your Suppliers in Risk Ledger Based on Their Categorisation

You can tag your suppliers on Risk Ledger based on three categories:

  • Criticality

  • Confidentiality

  • PII (Personal Identifier Information)

These tags will determine the risk requirements for a specific supplier and drive the policies that are set over their assessment.

The Supplier Tags can be found on the supplier's 'Overview' page.

Criticality Tag

The key question to ask is: how big an impact would a breach of confidentiality or availability of service at the supplier have on your own business?

Critical

High impact and dependency. E.g. business highly dependent on this supplier - will cause service outage, supplier strategically significant to the business, high contract value, high risk to clients and difficult to replace.

Important

Moderate impact and dependency. E.g. bespoke service but alternatives available, disruption of service would require escalation to executive team but may not cause full service outage, potential risk to clients.

Minor

Business not dependent on this supplier. E.g. services not bespoke to business, not of strategic significance, low contract value, low risk and easy to replace.

Confidentiality Tag

The key question to ask is: what is the amount and classification of data shared with the supplier?

Highly Confidential

Sharing and processing of significant amount of highly confidential data; breach would likely result in regulatory action or significant negative business impact.

Confidential

Sharing and processing of confidential data; breach may result in regulatory action or negative business impact.

Public

No sharing of confidential data; no regulatory consequences and no negative business impact in the event of a breach.

None

No sharing of data.

PII (Personal Identifier Information) Tag

The key question to ask is: do we share any personal data with this supplier?

Holds PII

Yes, PII is shared.

No PII

No, PII is not shared.


💡 If you would like to embed Risk Ledger into your organization's team structure, contact us and we can schedule a free session to support you.
