ASCS in Practice: How Security Analysts Use Risk Ledger for Supply Chain Visibility and Risk Monitoring

Tedious manual reviews. Point-in-time assessments. Limited visibility into nth-party risks. 

Traditional TPRM is no longer sufficient for today’s interconnected supply chain (only 37.2% think TPRM is ‘truly effective’). That’s why IT Risk Analysts, InfoSec Managers and Data Protection Officers in heavily-regulated and highly-targeted sectors are moving toward Active Supply Chain Security (ASCS).

By standardising supplier security assessments, visualising the entire supplier network, continuously identifying threats and enabling collective defence, ASCS helps security analysts to:

  • Accelerate supplier onboarding.
  • Proactively mitigate threats.
  • Make a meaningful contribution to organisational - and ecosystem-wide - resilience. 

Here’s how security analysts at Synectics Solutions, the Civil Aviation Authority (CAA), NHS Test and Trace and United Utilities are using Risk Ledger’s ASCS platform for supply chain visibility and risk monitoring. 

Standardised frameworks for supplier assessments 

Aligned to major security standards and customisable to your needs, Risk Ledger’s standardised assessment framework creates a common language of risk, improves the quality of risk data, enhances your reviewing capability and speeds up supplier onboarding. 

Customer Spotlight: Synectics Solutions

Synectics Solutions is a leading provider of fraud prevention and risk intelligence solutions, trusted by over 160 organisations across financial services and government. 

Challenge: Synectics Solutions was relying on a laborious, manual TPRM process - based on customised questionnaires and spreadsheets - which was time-consuming and unscalable.

Solution: Risk Ledger’s platform enabled Synectics’ compliance team to automate supplier assessments, standardise due diligence, and constantly monitor changing supplier profiles, while also delivering far-reaching visibility over their extended supply chain. 

Result: 

  • Clear, auditable records for new FCA compliance rules.
  • Seamless risk collaboration between internal teams. 
  • Cut onboarding time in half. 

“I’d estimate that we spend less than half the time to onboard a new supplier using Risk Ledger than using previous processes.”
Steve Sands, Information Security Consultant and Data Protection Officer, Synectics Solutions

Read more about Synectics Solutions

Full visibility over the supply chain 

Risk Ledger visualises your entire ecosystem on a living network map, showcasing thousands of interlinked organisations at-a-glance. With this bird’s eye view - alongside visualisation tools like heatmaps and notifications when a supplier's security profile changes - you can easily see vulnerabilities posed by opaque deep-tier suppliers, identify critical concentration risks and monitor shifting supply chain risks in real-time. 

Customer Spotlight: Civil Aviation Authority (CAA)

The UK’s independent aviation regulator, the Civil Aviation Authority, is responsible for ensuring the aviation industry - and its extensive supply chain - adheres to the highest international safety standards. 

Challenge: The CAA’s spreadsheet-based supplier questionnaires were slowing down procurement processes and it had no way of continuously monitoring its suppliers’ security postures.

Solution: Risk Ledger automated and standardised the CAA’s risk assessments, enabled seamless on-platform collaboration with suppliers, and provided continuous reporting and insights capabilities.

Result: 

  • Accelerated supplier onboarding and procurement processes.
  • Stayed up-to-date with real-time changes in suppliers’ security postures.
  • Greater visibility across its aviation supply chain ecosystem.

“The interface and dashboard exceeded initial expectations — it was great to have the ability to have a snapshot of all suppliers. The ability to pull a quick report is very useful, and gives me a lot of confidence when people ask how we’re managing supply chains.”
Matangi Patel, Information Security Officer, CAA

Read more about the CAA

Manage supply chain threats proactively 

Risk Ledger overlays emerging threats on the network map in real-time, highlighting the ‘blast radius’ of impacted suppliers and showing you how the impact could cascade through the ecosystem. This enables you to prioritise remediation and seamlessly coordinate mitigation action with suppliers to prevent attackers spreading across the supply chain. 

Customer Spotlight: NHS Test and Trace

Tasked with tracking and preventing the spread of Covid-19 in England, NHS Test and Trace needed to assess and manage a fast-growing supplier network. 

Challenge: Most of NHS Test and Trace’s work was being carried out by valued partners, such as consultants, contractors, labs and universities, so the team needed an automated security solution that could scale quickly and be applied to multiple use cases.

Solution: Risk Ledger’s platform gave NHS Test and Trace oversight of their supplier connections - beyond just the first tier or third parties - and unparalleled visibility of supply chain risks in real-time.

Results:

  • Discovered an essential supplier was vulnerable to attack and worked together to improve its defences.
  • Identified and remediated critical concentration risks for three suppliers. 
  • Seamlessly collaborated with its 450+ supply chain partners, leading to improved resilience for the entire network. 

“Risk Ledger provides us with a more holistic, real time view of our complex supply chain, helping to identify and remediate potential vulnerabilities and issues early.”
David Malkin, Divisional Information Security Officer (DISO), UKHSA.

Read more about NHS Test & Trace

Collectively defend the whole network 

With Risk Ledger’s platform acting as a single security hub for supply chain risks, you can seamlessly collaborate with suppliers during onboarding, share intelligence on supply chain threats and collectively respond to breaches. As such, you can optimise industry resources, build connections with other security analysts and strengthen network-wide cyber resilience. 

Customer Spotlight: United Utilities

A FTSE 100 company, United Utilities operates the regulated water and wastewater networks in North West England. 

Challenge: United Utilities relied on TPRM spreadsheets and in-depth manual reviews, which imposed a huge strain on the security team’s productivity and frustrated suppliers, many of whom refused to do a spreadsheet.

Solution: United Utilities made it mandatory for all suppliers to use Risk Ledger’s platform. The majority of United Utilities suppliers already had peer-assessed security profiles on the platform, which simplified assessment reviews and centralised supplier assurance data in one place. 

Result: 

  • Significantly lower time burden on the security teams at United Utilities and its suppliers. 
  • Enhanced United Utilities’ engagement and relationship with its suppliers. 
  • Supported alignment with NIS-D, bolstering ecosystem-wide resilience. 

“For all our industry to move all of our suppliers on the same platform, and getting these synergies, made a lot of sense.” 
United Utilities’ Cyber Security Technical Assurance Manager

Read more about United Utilities

Get started with Risk Ledger

Risk Ledger helps security analysts move beyond tedious review cycles and enables security teams to make an ecosystem-wide difference. 

By supporting organisations to move beyond outdated TPRM approaches toward a more connected and continuous supply chain security model, we’re helping IT Risk Analysts, InfoSec Managers and Data Protection Officers in highly-regulated industries to bolster supply chain resilience and Defend-as-One. 

See how security analysts are progressing toward Active Supply Chain Security with Risk Ledger.
