Skip to main content
All CollectionsRisksRisk Management
Risk Management Custom Risk Scoring & Legend
Risk Management Custom Risk Scoring & Legend

How to define and configure your risk scores and thresholds to meet your specific needs

Updated over 2 months ago

Many customers use methodologies other than the standard 5x5 Impact vs. Likelihood risk scoring. For those who do, this feature allows you to configure your risk scores and thresholds to better align with how your organization assesses, scores, and treats risks.

Note: Risk Management Custom Risk Scoring is only available with the Risk Management. Risk Management is part of the Advanced package and is separate from Risk Assessment. Learn more at https://drata.com/plans.

  • Please contact your CSM or Support if you're interested in learning more and adding Risk Management to your account.

Prerequisite

  • Ensure you have a Admin or Risk Manager role in Drata. Only Admin and Risk Managers have the ability to configure and modify scoring methodology

HOW IT WORKS

⚠️ Important Notes

  • If you've modified your risk scoring, you may need to complete some sections manually such as the heatmap and definitions.

  • Changing the impact or likelihood to values lower than your current scores will clear existing scores and require a reassessment of risks.

    • For example, I used a 5x5 method scoring but I changed it to 3x3, my scores will be reset.

    • It may take a few minutes for your risk register to update with the new scoring methodology.

  1. When viewing the Risk Register, notice the gear icon adjacent to the action buttons

  2. On selection of the gear, the 'Risk register settings' drawer will open with the default scoring and thresholds

    • The default scoring is set to 5 x 5 (Impact x Likelihood)

    • You can select any permutation between three (3) and ten (10) for impact and likelihood, respectively

    • The number of values will automatically re-adjust based on your impact and likelihood selections

    • On the ‘Scoring’ tab, you can add definitions to each numerical value (ex. 1 = No impact, 2 = Slight Impact, etc.) for both impact and likelihood

  3. On selection of the ‘Thresholds’ tab, you will be presented with the default of four (4) thresholds - Low, Medium, High, and Critical

  4. The threshold values will automatically readjust based on your impact and likelihood selections.

  5. By selecting the 'Plus' button on the threshold chart, you can add up to five (5) thresholds.

  6. By selecting the trash icon next to each threshold name and description, you may have as few as two (2)

  7. You can change the threshold range by clicking and dragging the selector OR by using the arrow keys

  8. The visualizations on the insights page will expand/contract based on the scoring configuration

  9. On selection of any of the visualizations, you will be directed to the risk register to a filtered view of the risks within that criteria

Did this answer your question?