Finding Score

Modified on Fri, 8 Mar at 12:44 PM

The purpose of findings is mitigate the risk and manage them in the operation. Thus, as the outstanding findings piles up, it increases your exposure to the risk and asset are more susceptible from threats. This is the reason why Finding Score is tracked and we include them in the below risk scores:


- Asset Risk Score

- Vendor Risk Score


The formula to calculate Finding Score is two dimensional. The Finding Score is based on:

- Priority 

- Managed

- Unmanaged

- Status


Points by Priority:


3 pt = High

2 pt = Medium

1 pt = Low


Managed Finding is when a finding has a Risk Mitigation plan and the finding is within the Due Date SLA (e.g. Status = Open, Re-Open). 


Unmanaged Finding is when finding does not have a Risk Mitigation plan or the finding is past the Due Date for SLA (e.g. Status = Expired). If a finding is unmanaged, add 1pt to the finding score. 


Last, if a finding Status is Closed or Archived, we do not count them in the Finding Score. 


See example to calculate Finding Score below example. Total Finding Score = 6pt.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article