Vendor Score: Risk Score

Ingrid

The Risk Score is one of the vendor scores. It is instrumental for understanding the total risk of a vendor. It gives an overall risk measure of a vendor, obtained by combining the Trust Score and Impact Score.

Methodology

(Impact Score + (100 - Trust Score)) / 2 = Risk Score

Possible combinations:

Combination: Low Impact + Low Trust
Risk Details: Low to Medium Risk
A vendor is a low business risk to the organization and doesn’t supply enough evidence to support that they have a strong security posture. It’s a low risk vendor.

Combination: High Impact + Low Trust
Risk Details: High Risk
A vendor is a high business risk to the organization but doesn’t supply enough evidence to support that they have a strong security posture. They are considered high risk.

Combination: High Impact + High Trust
Risk Details: Low to Medium Risk
A vendor is a high business risk to the organization and supplies abundant evidence to support that they have a strong security posture. They are still a risk, but there’s enough confidence they have a security focus.

January 31, 2025: Separated from Vendor Scoring: Trust, Impact, & Risk.