The risk score is the percentage of inherent risk that has been mitigated. The risk score ranges from 0% to 100%. A higher risk means more inherent risk has been mitigated by the vendor.

The risk score is the result of our detailed review of 100s of controls, including risk management, change management, physical and logical access, financial stability, cybersecurity, business continuity and disaster recovery, reportable breaches and outages, OFAC checks, and more. These controls map to FFIEC, ISO27002, ISO27701, NIST SP 800-53, PCI-DSS, and HIPPA standards.

Our analysis provides details regarding how each control is evaluated, the evaluation itself, and recommendations for increasing the risk score. For convenience, the risk scores less than 70% are categorized as High, risk scores between 70% and 90% are categorized as Medium, and risk scores higher than 90% are categorized as Low.

Please contact us so that we can provide you with the comprehensive, robust analysis that you can use to mitigate risk and protect your company. We look forward to helping you.