On 31st July 2023, we made some changes to the standardised controls framework within Risk Ledger.

We do this bi-annually (every six months) so that the framework stays relevant, useful and practical for all users of the Risk Ledger platform.

All changes have been handled automatically within the platform and marked clearly with a full audit history kept within your activity feed.

This page gives you a summary of the changes that are coming.

If you have already submitted your assessment and your profile is up to date, you do not need to make any changes until your next 6 monthly re-assessment is due or one of your clients asks you to complete a new control question.

You will need to answer the new control question(s) before you can submit your next re-assessment.

If you have not yet submitted your assessment, you will need to answer the new control question(s) before you submit.

We have added four new questions to the Environmental, Social and Governance (ESG) domain requesting data regarding your scope 1, scope 2 and scope 3 emissions, as defined by Greenhouse Gas (GHG) Protocol standards. These questions are nested so that suppliers who are not in a position to provide emissions data will only see one additional question. If you do not measure your greenhouse gas emissions, you can answer ‘No’ to this question.

We have added these questions as more and more organisations are struggling to gather the data they need to accurately report emissions as part of their Carbon Reduction Plan.

Our focus remains on Information Security.

There are a couple of other small changes we’ve made to update and clarify the wording of controls. These updates do not affect the meaning of the controls.