Supplier Managed Profiles

A quick guide on the Managed Profiles currently on the platform

Written by Jack Mason
Updated over a week ago

Managed Profiles on Risk Ledger were created to allow clients to see the security controls of a few big-name suppliers, without having to manage supplier pushback or internal processes.

What are Managed Profiles?

Managed Profiles are profiles created and managed by the security team here at Risk Ledger. They allow clients to see the security controls implemented by bigger vendors without the need for a point of contact or engagement.

Organisations like these generally have mature and robust internal reporting systems, which are often automated. A solution like Risk Ledger would therefore add a manual process, which isn't always attractive.

However, Risk Ledger also sees that these technologies are used regularly by a large number of organisations, so proper due diligence and continuous monitoring of their controls are of high importance for maintaining a strong third-party risk management program.

The profiles themselves are maintained and managed by our security team, using information in the public domain and the risk assessment documents available from these vendors. The team completes reassessments in the same way, and we strive to keep the information as up-to-date as possible.

Who are the Managed Profiles?

Risk Ledger currently has five managed profiles on the platform:

  • GitHub

  • Atlassian

  • Amazon Web Services (AWS)

  • Google Cloud Platform (GCP)

  • Microsoft Cloud Services (O365/Azure)

These can be identified by a small blue tag next to their name, containing the words "RL Managed".

Remediations and Discussions

Because these profiles are owned and managed by Risk Ledger, you are unable to open discussions or remediations with them.

Mitigation and extra context are provided (where applicable) under each control to allow you to see the fullest information we have, and Risks, Exemptions and Non-Compliances can all be applied as usual. This will allow you to build a comprehensive risk picture in line with your policies.

Can I add my own Managed Profiles?

At present, no. We have had feedback from our client base that the ability to create your own managed profile, seen only by you and added only to your network, would be useful for suppliers who don't wish to join Risk Ledger. This has been passed to our product development team as a possible future feature.

Can I request a Managed Profile be added?

Risk Ledger has no current plans to add any further Managed Profiles to the network.

This is under constant review, and is based on feedback from clients around which suppliers the majority of our clients wish to connect with.

We always work with suppliers and encourage them to join the platform directly, speaking with them about their objections and understanding any hesitancy or further steps we would need to take to make this happen.

Our security team must also weigh up the time and effort spent maintaining these profiles, and our own security profile, alongside their day-to-day efforts in securing the business.
