Scoring Methods
Configure custom formulas to calculate risk scores from questionnaire responses
Scoring methods define how questionnaire responses are converted into numerical risk scores. Each method uses a JSON-based formula that can weight questions, sections, and apply custom logic to calculate the final residual risk score (0-100).
Flexible Formulas
Define custom calculation logic using JSON formulas that can weight questions by domain, section, or individual question weight.
Multiple Methods
Create different scoring methods for different assessment types, vendor tiers, or risk categories.
Understanding Scoring
Each question response can have a score. For Yes/No questions, typically Yes = 0 (good), No = 100 (bad). For Multiple Choice, each option has its own score. Questions also have weights that multiply their impact.
Sections can have weights that determine their relative importance. For example, "Data Protection" might be weighted more heavily than "General Security".
The final risk score (0-100) is calculated by combining question scores, weights, and section weights according to the formula. Higher scores indicate higher risk.
Creating Scoring Methods
Navigate to Scoring Methods
From the vendor risk dashboard, click the "Scoring Methods" button in the top-right corner, or go to Settings → Vendor Risk → Scoring Methods.
Create New Method
Click "Create Scoring Method" and provide:
Descriptive name (e.g., "Standard Vendor Risk Scoring")
Explanation of when and how this method should be used
Check to make this the default scoring method for new assessments
Define Formula
Enter the scoring formula as JSON. The formula structure typically includes:
{
  "sectionWeights": {
    "Security Governance": 1.0,
    "Data Protection": 1.5,
    "Incident Response": 1.2
  },
  "questionWeightMultiplier": true,
  "maxScore": 100,
  "minScore": 0
}
Save Method
Click "Save" to create the scoring method. It will be available for selection when creating assessments.
Formula Structure
sectionWeights
Optional object that defines relative weights for questionnaire sections. Sections not listed default to weight 1.0.
questionWeightMultiplier
Boolean flag. If true, individual question weights are multiplied with section weights. If false, only section weights are used.
maxScore / minScore
Optional bounds for the final risk score. Defaults to 0-100 if not specified.
- For each applicable question, get the response score
- Multiply by question weight (if enabled)
- Group by section and apply section weight
- Sum all sections and normalize to 0-100 range
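The four steps above, worked through as an added example (not the product's own code). It uses the formula from the "Define Formula" step with constructed responses, and it assumes that "normalize" means a weighted average clamped to the bounds, that an absent questionWeightMultiplier is treated as false, and that each response is a (section, score, question weight, applicable) tuple.

```python
import json

# Formula from the page's "Define Formula" step.
FORMULA = """{
  "sectionWeights": {"Security Governance": 1.0, "Data Protection": 1.5,
                     "Incident Response": 1.2},
  "questionWeightMultiplier": true, "maxScore": 100, "minScore": 0
}"""

# Constructed sample responses: (section, response score, question weight, applicable)
RESPONSES = [
    ("Security Governance", 0, 1, True),
    ("Security Governance", 100, 2, True),
    ("Data Protection", 100, 1, True),
    ("Data Protection", 0, 3, True),
    ("Incident Response", 50, 1, True),
    ("General Security", 100, 1, True),   # section not listed -> weight 1.0
    ("Data Protection", 100, 5, False),   # not applicable -> skipped
]

def risk_score(formula_json, responses):
    f = json.loads(formula_json)
    sec_w = f.get("sectionWeights", {})
    lo, hi = f.get("minScore", 0), f.get("maxScore", 100)
    if lo > hi or any(w < 0 for w in sec_w.values()):
        raise ValueError("invalid bounds or negative section weight")
    # Assumption: the flag is treated as false when absent.
    use_q = f.get("questionWeightMultiplier", False)
    total = weight_sum = 0.0
    for section, score, q_weight, applicable in responses:
        if not applicable:
            continue
        if not 0 <= score <= 100 or q_weight < 0:
            raise ValueError(f"bad response in section {section!r}")
        w = sec_w.get(section, 1.0) * (q_weight if use_q else 1.0)
        total += w * score
        weight_sum += w
    if weight_sum == 0:
        # Fail closed: an assessment with nothing scored must not read as zero risk.
        raise ValueError("no applicable questions to score")
    # Assumption: "normalize" = weighted average, then clamp to the bounds.
    return round(min(hi, max(lo, total / weight_sum)), 1)

if __name__ == "__main__":
    print(risk_score(FORMULA, RESPONSES))  # 45.5
```

With questionWeightMultiplier set to false, the same responses score 56.9, because the heavily weighted "Yes" answer in Data Protection no longer pulls the average down.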
Example Formulas
Equal weighting for all sections, question weights applied:
{
  "questionWeightMultiplier": true,
  "maxScore": 100
}
Different weights for different sections:
{
  "sectionWeights": {
    "Data Protection": 2.0,
    "Security Governance": 1.5,
    "Incident Response": 1.0
  },
  "questionWeightMultiplier": false,
  "maxScore": 100
}
Setting Default Scoring Method
When creating a new assessment, if no scoring method is explicitly selected, the default method will be used. Only one method can be set as default at a time.
View Scoring Methods
Navigate to the Scoring Methods page. You'll see all configured methods with their status.
Set as Default
Click "Set as Default" on the method you want to use as default. If another method was previously default, it will be unset.
Best Practices
Start Simple
Begin with a simple formula (equal weights) and refine based on actual assessment results.
Weight Important Sections
Give higher weights to sections that are more critical for your risk assessment (e.g., Data Protection for data-sensitive vendors).
Test Before Production
Test new scoring methods with sample assessments before setting as default.
Document Formulas
Use the description field to document when and why to use each scoring method.
Need Help?
Our support team is here to help you configure scoring methods.