Uploading evidence is a crucial step in the assessment process for suppliers. Suppliers who upload evidence typically have their assessments reviewed and approved quicker, with significantly less back-and-forth with their clients. By providing all the necessary information upfront, suppliers can eliminate the need for clients to request additional information, which can be time-consuming and lead to delays in the assessment process.

You are able to upload documentation to any question. Your client may not require evidence for each question but the more evidence that suppliers upload during the initial assessment, the faster their clients can complete their review. The following questions are examples of where clients will typically expect to see evidence uploaded ⬇️

A.3: Does your organisation have a documented Cybersecurity Policy or Information Security Policy?

B.1: Is your organisation Cyber Essentials certified?

B.2: Is your organisation Cyber Essentials Plus certified?

B.3: Is your organisation ISO27001 certified?

F.22: Does your organisation conduct regular penetration tests (or red teams) of its internal systems (that assumes a compromise of perimeter controls)?

J.5: Does your organisation have an up-to-date Data Protection Policy?

The wording may change depending on what you need to upload, and this can range from a certificate proving that you are certified, through to report summaries which verify your response to the control. You are able to upload redacted versions of any reports which may contain sensitive information.

You can upload evidence quickly and easily by selecting the 'Select Evidence' button as shown below:

You will then be asked to select your document, once selected you can hit 'Open' and this will import the document into your Risk Ledger assessment.

Once uploaded, the question will look like the below, and you will be able to see that your document is now attached to the question just below the 'Select Evidence' option.

We provide more information on the safety of your information HERE.

All evidence documents are encrypted-at-rest and in transit. Evidence documents are stored in AWS S3 and have strict security controls with short-lived tokens used to grant access to authorised users.

We only allow authenticated users of an organisation that a supplier has chosen to connect with in the Risk Ledger platform to access these evidence files and no other organisations will be able to see or access anything within your profile until a connection request is accepted.

Finally, you have the ability to remove any attached evidence or remove a connection with a client at any time.

💡 Please navigate to the supplier help centre Directory for more information and helpful articles, if there is anything we haven't covered, please feel free to contact us at support@riskledger.com or alternatively, select the Chat icon in the bottom right corner.