tprm-scorer

TPRM Risk Scorer

Calculates and manages vendor risk scores.

Capabilities

• Risk Scoring: Calculate inherent and residual risk
• Rating Assignment: Assign risk ratings (Critical/High/Medium/Low)
• Trend Analysis: Track risk score changes over time
• Peer Comparison: Compare vendors in same category

Scoring Methodology

Inherent Risk Factors (40%)

Factor	Weight
Data Sensitivity	15%
System Access Level	10%
Business Criticality	10%
Regulatory Impact	5%

Control Risk Factors (60%)

Factor	Weight
Security Certifications	15%
Questionnaire Score	20%
Audit Findings	15%
Incident History	10%

Risk Rating Thresholds

Rating	Score Range	Review Frequency
Critical	80-100	Quarterly
High	60-79	Semi-Annual
Medium	40-59	Annual
Low	0-39	Biennial

Output Formats

• Risk scorecard
• Rating justification
• Treatment recommendations
• Monitoring requirements