π‘ You can edit your security profile on Risk Ledger at any point to keep the information up to date. Any updates will be automatically updated for your client connections as well.
We are dedicated to helping you reduce the time and cost of responding to security due diligence requests by ensuring you can share access to your Risk Ledger security profile as easily and as often as you choose.
To ensure this works for both you and your clients, Risk Ledger is built on a "continuous monitoring" model, meaning that your client will receive your most up to date information without you ever having to complete another assessment again.
This has the following benefits to suppliers:
The platform alerts you when it is time to update your assessment and this is quick and easy to complete,
Your profile can be shared with all teams across your organisation so that colleagues have access to live and up-to-date information,
You will not have to fill out another assessment when it comes to your Client running a re-approval on your profile.
Changing the scope of your security profile
The scope of your security profile may need to change over time to reflect changes in your organisation and the products and services you deliver.
Adding a risk domain to your security profile
If a risk domain becomes relevant to your organisation and you need to add it to your security profile, navigate to the main assessment page and click on the risk domain you want to bring into scope.
The first question under this risk domain is the scoping question. Change your response to 'yes' to bring it into scope.
Now you can complete your profile under this domain.
Removing a risk domain from your security profile
π‘ Your profile should be answered at an organisational level, so be sure to answer yes to any scoping questions which are relevant to your organisation as a whole. Although you can update this answer at any time, answering no means that you will not be able to provide any answers for that domain and may miss out on an important control.
If a risk domain is no longer in scope for your organisation, navigate to the main assessment page and click on the the risk domain you want to remove from your security profile.
If the domain has a scoping question, this will be the first question that appears. Change your response to 'no' to mark the whole domain out of scope for your organisation.
The risk domain will now be greyed out and auto-filled as N/A.
The image below shows the scoping question at the start of the Security Certifications risk domain.
Changing responses to specific risk controls on your security profile
It is natural for your organisation's security risk management regime to change over time and it is important to update your security profile to reflect this so that your clients can see how seriously you are taking security and understand the implications for them.
To update your response to a specific risk control, navigate to the main assessment page and click on the relevant risk domain.
You will still see the option to select 'Yes' or 'No' in response to the risk control question and you can update each textbox and the supporting evidence.
The image below shows the view you will see when you click into a risk control update your response.
