What is compliance? How is it calculated? And, what can I do about it?

Find out what compliance is, how it is calculated and the types of actions you can launch to improve it.

Written by Kian
Updated over 5 months ago

How is it calculated?

The score is determined by the policies and tags that are applied to your security profile by each client.

Clients will categorise their suppliers based on three criteria:

  1. Criticality: This measures how essential the availability of a supplier's services is to the client.

  2. Confidentiality: This assesses the sensitivity and type of data the supplier holds for the client.

  3. Personally Identifiable Information (PII): This determines whether the supplier stores or processes any personal data.


100% Compliance

If your score is showing as 100% compliant, this usually means that your security profile is compliant with all the required controls for the policy your client has assigned to you, and they can approve your profile.

💡 In some cases your profile may appear as 100% compliant because your client has not yet assigned any policies or tags to your profile. This means your compliance score may change once these have been applied.

Keep an eye on the Action Centre, where you will be notified via email if the client asks follow-up questions to find out more about how you have implemented specific risk controls and to verify their implementation. Your email notifications will need to be turned on for discussions and remediation requests in order to receive these.


Less than 100% compliance

If your compliance score is less than 100%, you can easily see which domains and risk controls you are non-compliant with.


View a specific control

You can click into each control to review it in full, see your current response, see your client's requirements and look back at all updates to this control over time.


Review non-compliant controls

💡 Non-compliant controls: If a response is marked as non-compliant, a client can begin a discussion with you to understand more about your response or send a remediation request. If the control is not applicable to your organisation, then your client can mark it as exempt and the control will not impact your compliance score.

If your client requests you to remediate a control, or you would like to proactively improve your security maturity, you can refer to our Knowledge Base for help on how to implement controls.


💡 If there is anything we haven't covered, please feel free to contact us at support@riskledger.com or alternatively, select the Chat icon in the bottom right corner.
