Skip to main content
Completing your Supplier Assessment Questionnaire

Here is a guide to completing your assessment as a supplier user, and all of the resources available.

Kian avatar
Written by Kian
Updated over 3 months ago

Getting Started

After activating your supplier account you will be on the Getting Started page where the platform guides you to:

  • Add Users - Add as many users as you need to help collaborate in completing your own security questionnaire. Users can be added so they only access the supplier mode of the platform and. This means any colleagues added to the supplier mode are restricted from accessing any client mode work that is being undertaken on your own supply chain.

  • Complete Assessment - firstly answer a short set of scoping questions which determines the sections that are relevant to your organisation from the full assessment framework.

💡 You can use Quick Answer to help you complete your assessment. Quick Answer will provide suggestions based on the documents you upload and previous questionnaires you provide. Find out more here.


Answer Based on Organisational Level Controls:

The Risk Ledger questionnaire must be answered at the highest organisational level, not based upon a specific product or service. The answers must cover what your organisation has put in place to protect itself from security incidents.

This is because the questionnaire is standardised, so your organisation only answers one questionnaire which is then viewed by the multiple clients you grant access to. Instead of having to repeatedly answer different questionnaires from clients or prospects, you simply use your existing Risk Ledger security questionnaire.


Scoping Questions

The first step is completing the 5 scoping questions. You can change your answers to the scoping questions at any time.

  • Does your organisation hold any certifications in information security?

  • Does your organisation develop any applications or systems that collect, process, or store data on behalf of clients?

  • Does your organisation own or maintain a corporate network, cloud environment, or any application hosting infrastructure?

  • Does your organisation rely upon any physical premises, such as offices, warehouses or data centres?

  • Does your organisation collect, process, or store personal data, other than that of your own employees?

Once you have added your answers you can select the green Continue button to proceed.


Completing the assessment questionnaire

Next you will see the full security assessment questionnaire and will need to answer all of the questions that have been deemed relevant to your organisation, based on your answers to the scoping questions.

Click the begin option to access a specific section to add your information.

Within each question you must provide your answer which is typically a yes/no answer and occasionally questions are numerical values or multiple choice.

💡 Optionally you can add:

  • Notes to provide extract context for your answers.

You can also Bookmark questions to easily return to these later.


Knowledge Base

If you need help with the meaning of a question, click on the blue link Learn more about this question which takes you to a further description of that question within the Supplier Assessment Knowledge Base.

If a section is out of scope, you will not need to answer those questions. Once you have submitted your assessment tour client will be able to see the domains that are out of scope and will be able to send a discussion to your organisation if they need to discuss this further.

Once you have answered all the in scope questions you will be able to Submit your assessment.

Only once you have submitted the assessment will any of your connected clients be able to see your data.

Your organisation has full control over which clients can see the data within your security profile.


💡 If there is anything we haven't covered, please feel free to contact us at support@riskledger.com or alternatively, select the Chat icon in the bottom right corner.

Did this answer your question?