Skip to main content

Understanding, Using, and Trusting Risk Index

Courtney McNamara
Updated

Quick Start Guide

What is Risk Index

How to Use and Interpret Risk Index

Why Should You Care About Risk Index

How is Risk Index Different from Other Tools

Is Risk Index Trustworthy and Dependable

Quick Start Guide

  1. Claim your profile on the Global Risk Exchange.
  2. Upload supporting documents (certifications, policies).
  3. Complete or update your assessment manually or by using Assessment Autofill.
  4. Review your Risk Index and Domain Index.
  5. Take recommended actions in the Action Center.
  6. Monitor your rating.

What Is Risk Index?

Risk Index is a dynamic, data-driven risk metric developed by ProcessUnity to give organizations and their customers a transparent, actionable view of cybersecurity risk posture. Unlike traditional ratings tools that rely solely on external data, Risk Index incorporates your company’s perspective by blending attested internal controls (inside-out data), predictive analytics, and external threat intelligence (outside-in data) into a single, actionable score.

  • Inside-Out Data (80%): Your attested controls, assessment responses, and supporting documentation (e.g., SOC 2, ISO certifications, security policies, remediation plans). This data is supplemented by predictive analytics based on your business context (industry, geography, vendor type).
  • Outside-In Data (20%): External threat intelligence, breach history, and perimeter scanning.

  • Component Breakdown:

    • Security Controls (50%)
    • Perimeter Scanning (10%)
    • Vulnerability Resiliency (30%)
    • Threat Intelligence (10%)
360 Degrees Cyber Risk.png

 

How to Use and Interpret Risk Index?

  • See Exactly How Your Score Is Calculated: The dashboard transparently shows contributing factors, so you know what drives your score.
  • Domain Drilldown: Explore Risk Domains (e.g., Application Security, Data Protection, Endpoint Security) to identify and prioritize areas for improvement.
  • Agency Over Your Rating: Use the "Action Center" tab on your Company Profile page to access a checklist of complete key items that can directly influence your Risk index. 
  •  Accelerate Due Diligence: Satisfy customer assessment requests faster and reduce repetitive manual work with a comprehensive, assessment-ready risk summary.
  • Build Customer Trust: Demonstrate your security maturity and control effectiveness from both inside-out and outside-in perspectives.
  • Update Regularly: Keep your attested data and documentation current; your input has the greatest influence on your index.
  • Assessment Autofill: Upload supporting documents to quickly pre-populate assessments, saving time and ensuring completeness. 

Interpreting Your Rating:

  • Scores range from “Very Weak” to “Very Strong,” reflecting the maturity and effectiveness of your cybersecurity practices.
  • A higher index means robust controls and lower threat exposure; a lower index signals areas needing attention.
  • When reviewing the Risk Index Rating, it may be helpful to have the following sentence in mind:
    • The company’s defensibility against cyber risk is ... [Very Strong, Strong, Fair, Weak, Very Weak]

Why Should You Care About Risk Index?

  • Transparency & Control: You can see exactly how your score is calculated and influence it by updating your data. No more “black box” ratings.
  • Efficiency: A complete Risk Index may reduce the volume of due diligence requests from customers, saving your team time and effort.
  • Actionable Guidance: The Action Center and domain breakdowns provide clear steps to improve your security posture.
  • Customer Impact: Customers use your score to shortlist vendors, vet quickly, and streamline assessments. Keeping it current helps control your narrative and speeds up business.

How Is Risk Index Different from Other Tools?

  • Vendor Participation: Risk Index is the only score that actively seeks your input, giving you agency to shape your representation. Traditional ratings (e.g., BitSight, SecurityScorecard) rely mostly on external data and don’t let you influence your score. 
  • Comprehensive Data Blend: Combines inside-out (attested) and outside-in (external) data, plus predictive analytics, for a fuller picture.
  • Transparent Scoring: The model is straightforward so you see how each factor contributes and update your score in real time.
  • Dual-Sided Value: Designed for both customers and third parties, providing actionable insights and value to both. 

Is Risk Index Trustworthy and Defendable?

  • Data Sources: Uses attested controls, external threat intelligence, and predictive analytics based on industry standards (e.g., NIST CWE framework). 
  • Algorithm Transparency: The scoring algorithm is published and explained in the Risk Index White Paper and Risk Index FAQs. You can see how each component (controls, vulnerabilities, perimeter scanning, threat intelligence) is weighted and calculated.
  • Real-Time Updates: Scores update within 24 hours of new data submission, ensuring accuracy and recency.
  • Appeals Process: If you believe there is an error with your Risk Index after completing the Global Risk Exchange questionnaire, you can contact exchangesupport@processunity.com to review the contributing data and provide updated information.  If you need help understanding or addressing the external components of the rating after viewing them on the Monitoring tab of your profile, you can contact integrationsupport@processunity.com for guidance. 
  • Industry Validation: Built by cybersecurity experts, leveraging recognized standards and frameworks for defensibility.

 

 

Was this article helpful?

1 out of 1 found this helpful
Return to top

Related articles