The tabs at the top of the page allow you to navigate to different areas of the supplier profile and important actions.
The tabs you will see are:
Overview - The overview tab displays the overall compliance score. The overall compliance score is the suppliers compliance with the policies you have applied.
π‘ If the compliance score is showing as 100%, check that tags have been applied. The score will show as 100% if no tags are applied.
When tags are applied, it will list the resulting policies that are being applied to the suppliers profile.
Next to the compliance score you can view:
Number of exemptions applied.
Non-compliance applied.
Remediation requests.
Remediation responses.
You are able to click on each of these to view the linked data.
Activity - A full audit log of any changes. This includes changes the supplier has made to their profile and any changes your organisation has made against the profile. Changes such as compliance score, changes in tags, changes made to controls, and approvals will show here. Once in the activity log, click on the activity cards for more information on the updates that occurred.
Assessment - Displays all assessment controls. You can then click into individual controls to review answers further and taken action such as start a discussion, apply an exemption or request formal remediation.
Emerging Threats - An emerging threat is something new and potentially not fully understood that could pose a risk to an organisation. For example; when a new vulnerability is reported, it can become a race against time between attackers and defenders. You can view any ETs relevant to your supplier here
Risks - An area to track and manage your risks. When you review your suppliers' security posture, open and track any risks that you've identified with them, on a specific control, or generic risks not tied to a specific supplier.
Evidence - A summary of all the evidence the supplier has uploaded to support their assessment responses.
Discussions - If you have a query that falls outside a specific control, you can start a general discussion with your supplier here. You can also filter to view all active or archived discussions.
Private Notes - An area for your organisation to leave notes on the supplier. Private notes can only be viewed by users of your organisation and not by the supplier. Notes are able to be pinned so other users can easily view these. You may use private notes for the approval process when collaborating with multiple teams in your organisation.
About - Basic information about the supplier including their organisation name, address and website.
Additional Features
Regardless of the tab you are viewing, you will always see the following options:
Should you need to export the information about a specific supplier, you can export a copy of the supplier assessment as a PDF or CSV. When exporting as a PDF you can choose what will be included on the report. A CSV will download all data. You can also choose to open a risk against a specific supplier.
Approval Status:
This indicates the approval status of the supplier review. Please see our help guide on setting approval for supplier reviews.
Last Assessment and Re-Assessment Section:
The last assessment date is the last date your supplier completed their assessment. Every 6 months your supplier is prompted by Risk Ledger to completed re-assessment. During the re-assessment the supplier must confirm that the answers they have provided are still up to date and if their security measures have changed they must update their answers to reflect this.
This is separate from your organisations approval process and status.
π‘ If there is anything we haven't covered, please feel free to contact us at support@riskledger.com or alternatively, select the Chat icon in the bottom right corner.