How is it calculated?
The score is determined by the policies and tags that are applied to your security profile by each client.
Clients categorise their suppliers based on three tags:
Criticality - a measure of how critical the availability of their services is
Confidentiality - determined by the type of data a supplier holds for that client
Personal Identifier Information (PII) - whether the supplier stores or processes any personal data
100% Compliance
If your score is showing as 100% compliant, this usually means that your security profile is compliant with all the required controls for the policy your client has assigned to you, and they can approve your profile.
💡 In some cases, your profile may appear as 100% compliant because your client has not yet assigned any policies or tags to your profile. This means your compliance score may change once these have been applied.
Keep an eye on the Action Centre. You will be notified via email if the client asks follow-up questions to find out more about how you have implemented specific risk controls and to verify their implementation. To receive these emails, your email notifications need to be turned on for discussions and remediation requests.
Less than 100% compliance
If your compliance score is less than 100%, you can easily see which domains and risk controls you are non-compliant with.
View a specific control
You can click into each control to review it in full, see your current response, see your client's requirements and look back at all updates to this control over time.
Review non-compliant controls
💡 Non-compliant controls: If a response is marked as non-compliant, a client can begin a discussion with you to understand more about your response or send a remediation request. If the control is not applicable to your organisation, then your client can mark it as exempt and the control will not impact your compliance score.
If your client asks you to remediate a control, or you would like to proactively improve your security maturity, you can refer to our Knowledge Base for help on how to implement controls.