How do we manage the Framework?

In this article we describe how we research our framework and keep it up to date.

Written by Kian
Updated over a week ago

The Risk Ledger standardised control framework is updated every six months to ensure it stays relevant, useful and practical for all users of the Risk Ledger platform.

All changes are handled automatically within the platform and marked clearly with a full audit history kept within your activity feed.


What kind of changes are made during a framework review?

There are three types of changes that can occur during these framework updates:

  • New controls can be added

    • Brand new controls may be added into the framework.

  • Existing controls can be deprecated

    • Existing controls may be deprecated where they are no longer relevant or have been replaced by new controls. The question, answers and activity feed related to these controls will remain visible within the platform in order to maintain an audit history. However, suppliers will no longer be able to amend their answers and the control will not contribute to compliance scores.

  • Existing controls may be modified

    • Existing controls may be modified to reduce ambiguity, update the language or otherwise improve the usefulness of the control. If the meaning or scope of the control has changed, suppliers will be prompted to re-confirm their answers and all changes will be clearly marked within the activity feed.


How do we decide which changes should be made?

To assess which changes should be made, we take into account the following factors:

  • Any feedback which has been received from Risk Ledger users (Clients & Suppliers)

  • Changes which may have occurred to industry standards.

  • Any technology and security trends.

  • Usage data which has been gathered from the platform (e.g. if suppliers are struggling to understand or answer any particular questions).


What principles do we follow when making decisions about framework changes?

When making decisions about any framework changes, the following principles are followed:

  • The framework should provide useful, actionable data to clients about their supply chain. It should provide comprehensive, meaningful data, detailed enough for clients to make informed risk decisions, but in a format that allows analysis at scale.

  • The framework should be simple, practical and unambiguous to allow suppliers to populate their profiles with detailed information, easily. The framework should support and help suppliers to understand which controls they should have in place and give them information on how to implement controls via our Knowledge Base. The framework should be actionable for suppliers, with the ultimate aim of helping them to improve their own security.

  • The framework is standardised across all organisations on Risk Ledger. As such, any amendments or additions must be beneficial to the vast majority of organisations, regardless of industry or size. It is this standardisation that enables supply chain risk management at scale, positive supplier engagement, and the mapping of your supply chain into 4th, 5th, 6th parties.

