Risk Ledger has been designed to make it easy and efficient for you to collaborate with any other colleagues relevant to the process of responding to security due diligence requests from clients.
Who will need to have user access
The initial invite to the Risk Ledger platform by a client will be sent to their main point of contact within your organisation. This is often a sales or account management contact.
💡 Your Risk Ledger security profile will require input from various teams who manage the implementation of risk controls for your organisation. It is free and easy to add these colleagues as users on the platform so they can complete the sections of the profile relevant to their responsibilities.
After receiving an invite to complete a security profile on Risk Ledger by a Client, you should invite the following people as users to collaborate on completing the profile. :
the Head of Information Security,
an IT manager
a Compliance manager
Why use Risk Ledger?
Despite being free to use for suppliers, we have provided a breakdown of the value the platform delivers for various colleagues or teams (see table below).
We appreciate that each organisation is different and team structures may vary so this is a general guideline.
If you would like support to embed Risk Ledger into your organisation’s team structure, contact us and we can schedule a free session to support you.
Roles & Responsibilities
Roles and Responsibilities | Value for Team | Responsibilities |
Sales and Account Management | • Shorten Sales cycles. • Improve margins (reduce resource required to win business). • Strengthen client relationships with security transparency. | • Manage client connections • Respond to security requests made outside of Risk Ledger by using the ‘Share’ profile function. • Refer back to the security team where there are security specific questions from clients that require their input. • Proactively use your Risk Ledger profile to win new business and/or during your RFP processes. |
Compliance | • Efficient and dynamic way to drive better security. • Easily manage governance and compliance internally. | • Ensure profile is updated at least every 6 months. |
Security | • Significantly reduce the number of assessments required to complete. • Focus time more on improving security internally. • Improve security resilience of the supply chain. • Push better governance down the supply chain. | • Complete all security risk domains on the Risk Ledger security profile. • Ensure all security control responses are updated at least every 6 months. • Provide evidence and notes to validate controls where relevant or requested by clients. • For all client specific responses use the discussions feature. • Review the "Action Centre" to respond to any client discussions or remediation requests. |
IT | • Significantly reduce the number of assessments required to complete. • Focus time more on maintaining and improving IT security controls internally. | • Complete all IT security control questions on the Risk Ledger security profile. • Ensure all IT control responses are updated at least every 6 months. • Provide evidence and notes to validate controls where relevant or requested by clients. • For all client specific responses use the discussions feature. • Review the "Action Centre" to respond to any client discussions or remediation requests. |