Observed Devices Thresholds for Grading Desktop and Mobile Software Risk Vectors

When there’s insufficient data, the Desktop Software and Mobile Software risk vectors are assigned a default grade. Either:

• There are no findings.
• The number of observed devices falls below a minimum threshold. To avoid sudden fluctuations, the risk vector grade is reassigned from A to F when the number of observed devices has stayed above the threshold for 65 days.

Thresholds

Thresholds ensure there is a sufficient statistical sample size for any company of any size. They are determined as follows:

• The number of observed devices is less than 5 (<5), or
• The number of observed devices is less than 100 (<100) and less than the number of employees divided by 1,000 (<employee_count/1000).

Examples of the number of employees and their observed devices thresholds:

• 1,000 employees = Less than 5 observed devices
• 5,000 employees = Less than 5 observed devices
• 20,000 employees = Less than 20 observed devices
• 100,000 employees = Less than 100 observed devices
• 200,000 employees = Less than 100 observed devices