Skip to main content
All CollectionsRisksRisk Management
Risk Management Custom Risk Scoring & Legend
Risk Management Custom Risk Scoring & Legend

How to define and configure your risk scores and thresholds to meet your specific needs.

Updated yesterday

Many customers use methodologies other than the standard 5x5 Impact vs. Likelihood risk scoring. For those who do, this feature allows you to configure your risk scores and thresholds to better align with how your organization assesses, scores, and treats risks.

Note: Risk Management Custom Risk Scoring is only available with the Risk Management. Risk Management is part of the Advanced package and is separate from Risk Assessment. Learn more at https://drata.com/plans.

  • Please contact your CSM or Support if you're interested in learning more and adding Risk Management to your account.

Prerequisite

  • Ensure you have a Admin or Risk Manager role in Drata. Only Admin and Risk Managers have the ability to configure and modify scoring methodology

Update scoring

⚠️ Important Notes

  • If you've modified your risk scoring, you may need to complete some sections manually such as the heatmap and definitions.

  • Changing the impact or likelihood to values lower than your current scores will clear existing scores and require a reassessment of risks.

    • For example, I used a 5x5 method scoring but I changed it to 3x3, my scores will be reset.

    • It may take a few minutes for your risk register to update with the new scoring methodology.

  1. On the Risk Management page and the Register tab, select the gear icon.

The 'Risk register settings' drawer will open and displays the Scoring and Thresholds tab.

  • On the Scoring tab, you can:

    • Update the default scoring system. The The default scoring is set to 5 x 5 (Impact x Likelihood).

    • Select any permutation (combination) between 3 and 10 for impact and likelihood, respectively

      • The number of values will automatically re-adjust based on your impact and likelihood selections

    • Define the impact and likelihood levels with numerical values. For example, Impact level 1 means there is no Impact, and Impact level 2 means there is a slight impact.

  • On the Thresholds tab, you will be presented with the default of 4 thresholds: Low, Medium, High, and Critical

    • The threshold values will automatically readjust based on your impact and likelihood selections.

    • Select the Plus (+) button on the threshold chart to add up to five (5) thresholds.

    • Remove a threshold by selecting the trash icon next to its name and description, ensuring at least two (2) thresholds remain.

    • Adjust the threshold range by clicking and dragging the selector.

Insights tab

The visualizations on the insights tab will expand/contract based on the scoring configuration.

On selection of any of the visualizations, you will be directed to the risk register to a filtered view of the risks within that criteria.

Did this answer your question?