On 31st January 2023, we made some changes to the standardised controls framework within Risk Ledger.

We do this bi-annually so that the framework stays relevant, useful and practical for all users of the Risk Ledger platform.

All changes have been handled automatically within the platform and marked clearly with a full audit history kept within your activity feed.

This page gives you a summary of the changes that have been implemented.

If you have already submitted your assessment and your profile is up to date, you do not have to make any changes until your next 6 monthly re-assessment is due or one of your clients asks you to complete a new control question or update an answer.

You will need to answer the new control questions before you can submit your next re-assessment.

If you have not yet submitted your assessment, you will need to answer the new control questions before you submit.

You will also need to review your answers to the control questions where wording has been updated to re-confirm that you are happy with your answer.

The Business Resilience domain within the Risk Ledger controls framework is in need of some improvement. We have took this opportunity to review all previous feedback received relating to Business Resilience alongside industry standards and best practise and have made some updates which should allow you to better showcase your resilience to your clients. There are three brand new controls added to the Business Resilience domain, and four of the existing controls will be modified.

There have been a couple of other small changes to update and clarify the wording of controls. One control (F30) will be deprecated as it is an unnecessary duplication of a control from another domain. F12 will be updated to ensure the same level of information is captured.