Skip to main content
All CollectionsControls FrameworkUpdates Changelog
Framework Changes - Clients - January 2023
Framework Changes - Clients - January 2023
Kian avatar
Written by Kian
Updated over a year ago

On 31st January 2023, we made some changes to the standardised control framework within Risk Ledger.

We do this bi-annually so that the framework stays relevant, useful and practical for all users of the Risk Ledger platform.

All changes have been handled automatically within the platform and marked clearly with a full audit history kept within your activity feed.

This page gives you a summary of the changes that have been implemented.


As a client, what do you need to do?

There is nothing you need to do immediately. You can continue using Risk Ledger in exactly the same way as before. Once the changes are in place, you may wish to do the following:

  • Define your policy requirements for the new controls added,

  • Review the wording updates to check whether you'd like to open a discussion with suppliers about any of the updated controls,

  • Engage with your suppliers who haven't yet answered the new control questions. Suppliers will be required to answer the new control questions during their 6-monthly re-assessment. If you’d like them to provide answers before this date, you will need to prompt them by sending a discussion.

Initially, you may notice a very small increase in compliance scores for your suppliers. This is because the new controls will default to 'Not required' in your policies until you choose otherwise.


What’s changing?

Business Resilience

The Business Resilience domain within the Risk Ledger controls framework is in need of some improvement. We have took this opportunity to review all previous feedback received relating to Business Resilience alongside industry standards and best practise and have created some updates which should allow you to gather more meaningful data on the resilience of your suppliers. There are three brand new controls added to the Business Resilience domain, and four of the existing controls will be modified.

Small Changes

There are also a couple of other small changes to update and clarify the wording of controls. One control (F30) will be deprecated as it is an unnecessary duplication of a control from another domain. F12 will be updated to ensure the same level of information is captured.


Did this answer your question?