Understanding the Scoring Engine
How scores are calculated, domain scores, overall compliance score
The scoring engine calculates compliance scores based on review verdicts, question weights, and the configured scoring strategy.
How Scoring Works
The scoring process follows this hierarchy:
1. Question Scores — Each question receives a score based on the verdict (Pass = 100%, Fail = 0%)
2. Control Area Scores — Average of question scores within the control area, weighted by question weights
3. Domain Scores — Average of control area scores within the domain
4. Overall Score — Average of domain scores, weighted by domain weights
Scoring Strategies
The template's scoring strategy affects how scores are aggregated:
Weighted Average
- Questions with higher weights have more impact
- Most commonly used strategy
- Provides a balanced view of compliance
Equal Weight
- All questions contribute equally
- Ignores assigned weights
- Useful when all controls are equally important
Highest Risk
- The domain score equals the lowest question score
- One failure pulls down the entire domain
- Best for high-security assessments
Critical Gates Impact
If a critical gate question fails:
- The overall assessment is marked as non-compliant
- This applies regardless of the numerical score
- The report clearly identifies the failed critical gate
Score Interpretation
| Score Range | Interpretation |
|---|---|
| 90-100% | Excellent compliance |
| 80-89% | Good compliance |
| 70-79% | Acceptable compliance |
| 60-69% | Needs improvement |
| Below 60% | Significant gaps |
Compliance Threshold
The template defines a compliance threshold (e.g., 80%). Assessments scoring at or above this threshold are considered compliant and may receive a compliance certificate.
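The hierarchy, strategies, critical gate rule and threshold described in this article, worked through as an added Python example (not the product's own code). The data layout, function names, strategy keys and sample assessment are assumptions made for illustration, as is applying domain weights to the overall score under every strategy; the 80% threshold is the article's example value.

```python
from statistics import mean

VERDICT_SCORE = {"Pass": 100.0, "Fail": 0.0}  # mapping stated in the article

def weighted_mean(pairs):
    pairs = list(pairs)  # (value, weight) tuples
    return sum(v * w for v, w in pairs) / sum(w for _, w in pairs)

def area_score(questions, strategy):
    scored = [(VERDICT_SCORE[q["verdict"]], q["weight"]) for q in questions]
    if strategy == "equal":  # Equal Weight: ignore question weights
        return mean(s for s, _ in scored)
    return weighted_mean(scored)  # Weighted Average

def domain_score(domain, strategy):
    if strategy == "highest_risk":  # domain score = lowest question score
        return min(VERDICT_SCORE[q["verdict"]] for a in domain["areas"] for q in a)
    return mean(area_score(a, strategy) for a in domain["areas"])

def assess(domains, strategy="weighted", threshold=80.0):
    # Assumption: domain weights apply to the overall score under every strategy.
    overall = weighted_mean((domain_score(d, strategy), d["weight"]) for d in domains)
    failed_gates = [q["id"] for d in domains for a in d["areas"] for q in a
                    if q.get("critical") and q["verdict"] == "Fail"]
    # A failed critical gate overrides the numerical score.
    compliant = overall >= threshold and not failed_gates
    return {"overall": round(overall, 1), "failed_gates": failed_gates,
            "compliant": compliant}

def sample(q2_critical):
    # Constructed sample assessment: two domains, one failed question (Q2).
    return [
        {"name": "Access Control", "weight": 2, "areas": [
            [{"id": "Q1", "verdict": "Pass", "weight": 3},
             {"id": "Q2", "verdict": "Fail", "weight": 1, "critical": q2_critical}],
            [{"id": "Q3", "verdict": "Pass", "weight": 1}]]},
        {"name": "Logging", "weight": 1, "areas": [
            [{"id": "Q4", "verdict": "Pass", "weight": 1},
             {"id": "Q5", "verdict": "Pass", "weight": 1}]]},
    ]

if __name__ == "__main__":
    for strategy in ("weighted", "equal", "highest_risk"):
        print(strategy, assess(sample(q2_critical=False), strategy))
    print("gate", assess(sample(q2_critical=True), "weighted"))
```

The same single failure moves the overall score from "Excellent" to "Significant gaps" depending on the strategy, and marking that question as a critical gate makes the assessment non-compliant even where the score clears the threshold.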
