All Collections
Supplier Guide - Responding to Client Risk Assessment Requests
Completing Your Assessment
Completing your Supplier Assessment Questionnaire
Completing your Supplier Assessment Questionnaire
Monique van der Zwaag avatar
Written by Monique van der Zwaag
Updated over a week ago

Getting Started

After activating your supplier account you will be on the Getting Started page where the platform guides you to:

  • Add Users - Add as many users as you need to help collaborate in completing your own security questionnaire. Users can be added so they only access the supplier mode of the platform and. This means any colleagues added to the supplier mode are restricted from accessing any client mode work that is being undertaken on your own supply chain.

  • Complete Assessment - firstly answer a short set of scoping questions which determines the sections that are relevant to your organisation from the full assessment framework.

The scoping questions tailors the content of the security profile to your organisation.

Completing the Assessment Questionnaire

Answer based on organisational level controls:

The Risk Ledger questionnaire must be answered at the highest organisational level, not based upon a specific product or service. The answers must cover what your organisation has put in place to protect itself from security incidents.

This is because the questionnaire is standardised, so your organisation only answers one questionnaire which is then viewed by the multiple clients you grant access to. Instead of having to repeatedly answer different questionnaires from clients or prospects, you simply use your existing Risk Ledger security questionnaire.

Scoping questions

The first step is completing the 5 scoping questions. You can change your answers to the scoping questions at any time.

  • Does your organisation hold any certifications in information security?

  • Does your organisation develop any applications or systems that collect, process, or store data on behalf of clients?

  • Does your organisation own or maintain a corporate network, cloud environment, or any application hosting infrastructure?

  • Does your organisation rely upon any physical premises, such as offices, warehouses or data centres?

  • Does your organisation collect, process, or store personal data, other than that of your own employees?

Once you have added your answers you can select the green Continue button to proceed.

Completing the assessment questionnaire

Next you will see the full security assessment questionnaire and will need to answer all of the questions that have been deemed relevant to your organisation, based on your answers to the scoping questions.

Click the begin button to access a specific section to add your information.

Within each question you must provide your answer which is typically a yes / no answer. Occassionally questions are numerical values or multiple choice.

Optionally you can add:

  • Documentation and evidence - for advice on what to upload see our Guide to uploading evidence

  • Notes to provide extract context for your answers

You can also Bookmark questions to easily return to these later.

If you need help with the meaning of a question, click on the blue link Learn more about this question which takes you to a further description of that question within the Supplier Assessment Knowledge Base.

If a section is out of scope, you will not need to answer those questions. Once you have submitted your assessment tour client will be able to see the domains that are out of scope and will be able to send a discussion to your organisation if they need to discuss this further.

Once you have answered all the in scope questions you will be able to Submit your assessment. Only once you have submitted the assessment will any of your connected clients be able to see your data.

Your organisation has full control over which clients can see the data within your security profile.

Did this answer your question?