The Risk Ledger standardised control framework is updated every six months to ensure it stays relevant, useful and practical for all users of the Risk Ledger platform.
All changes are handled automatically within the platform and are clearly marked, with a full audit history kept within your activity feed. They are also documented in the 'Controls Framework' section of the help centre.
Here's an example of what an audit of control changes looks like in the platform's Activity Log:
What kind of changes are made during a framework review?
There are three types of changes that can occur during these framework updates:
New controls can be added
Brand new controls may be added into the framework.
Existing controls can be deprecated
Existing controls may be deprecated where they are no longer relevant or replaced by new controls. The question, answers and activity feed related to these controls will remain visible within the platform in order to maintain an audit history. However, suppliers will no longer be able to amend their answers and the control will not contribute to compliance scores.
Existing controls may be modified
Existing controls may be modified to reduce ambiguity, update the language or otherwise improve the usefulness of the control. If the meaning or scope of the control has changed, suppliers will be prompted to re-confirm their answers and all changes will be clearly marked within the activity feed.
How do we decide which changes should be made?
To assess which changes should be made, we take into account the following factors:
Any feedback which has been received from Risk Ledger users (Clients & Suppliers).
Changes which may have occurred to industry standards.
Any technology and security trends.
Usage data which has been gathered from the platform (e.g. if suppliers are struggling to understand or answer any particular questions).
What principles do we follow when making decisions about framework changes?
When making decisions about any framework changes, the following principles are followed:
The framework should provide useful, actionable data to clients about their supply chain. It should provide comprehensive, meaningful data, detailed enough for clients to make informed risk decisions, but in a format that allows analysis at scale.
The framework should be simple, practical and unambiguous to allow suppliers to easily populate their profiles with detailed information. The framework should support and help suppliers to understand which controls they should have in place and give them information on how to implement controls via our Knowledge Base. The framework should be actionable for suppliers, with the ultimate aim of helping them to improve their own security.
The framework is standardised across all organisations on Risk Ledger. As such, any amendments or additions must be beneficial to the vast majority of organisations, regardless of industry or size. It is this standardisation that enables supply chain risk management at scale, positive supplier engagement, and the mapping of your supply chain into 4th, 5th, 6th parties.
💡 If there is anything we haven't covered, please feel free to contact us at support@riskledger.com or alternatively, select the Chat icon in the bottom right corner.