Inherent Risk Score − Control Effectiveness = Residual Risk Score
Calculating Control Effectiveness
• Control Effectiveness is calculated based on the responses selected in a completed risk assessment.
• Each control effectiveness question response in the risk assessment is assigned a Control Effectiveness Score ranging from 0 to 4.
• Overall Control Effectiveness is the average of all applicable Control Effectiveness question responses, divided by the highest number in the Control Effectiveness scale.
Third Party Residual Risk
• With associated systems — If the third party owns one or more system records, the residual risk is the highest residual risk score across all owned system records.
• Without associated systems — If the third party owns no system records, the residual risk is calculated based on the third party's organizational inherent risk reduced by the third party's organizational control effectiveness.
Company Entity Residual Risk
• The Company Entity residual risk score is the highest residual risk score across all Business Process and System records associated with that entity that have completed a risk assessment. For example, if the highest residual risk score across the entity's owned records is Medium, the Company Entity residual risk score is Medium.
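The rules above, worked through as an added example (this is not TrustArc's code). It assumes the inherent risk score is supplied as a number on the same normalized 0 to 1 scale as Control Effectiveness, that a non-applicable response is represented as `None`, and that the result is floored at 0; all function names are hypothetical.

```python
from statistics import mean

SCALE_MAX = 4  # highest number in the Control Effectiveness scale (0 to 4)


def control_effectiveness(responses):
    """Average of the applicable responses, divided by SCALE_MAX.

    `responses` holds scores 0..4; None marks a non-applicable question
    (assumed representation) and is left out of the average.
    """
    applicable = [r for r in responses if r is not None]
    if any(not 0 <= r <= SCALE_MAX for r in applicable):
        raise ValueError("Control Effectiveness Scores must be between 0 and 4")
    if not applicable:
        return 0.0  # assumption: no applicable answers credits no controls
    return mean(applicable) / SCALE_MAX


def residual_risk(inherent, responses):
    """Inherent Risk Score - Control Effectiveness = Residual Risk Score."""
    # Assumption: floor at 0 so strong controls never yield a negative score.
    return max(0.0, inherent - control_effectiveness(responses))


def third_party_residual(system_residuals, org_inherent, org_responses):
    """Highest owned-system residual, or the organizational calculation
    when the third party owns no system records."""
    if system_residuals:
        return max(system_residuals)
    return residual_risk(org_inherent, org_responses)


def entity_residual(records):
    """Highest residual across records with a completed risk assessment.

    `records` is a list of (residual_score, assessment_completed) pairs;
    returns None when no record has a completed assessment.
    """
    completed = [score for score, done in records if done]
    return max(completed) if completed else None


if __name__ == "__main__":
    # Constructed sample data, not taken from any real assessment.
    answers = [4, 2, None, 3]
    print("control effectiveness:", control_effectiveness(answers))
    print("system residual:", residual_risk(0.9, answers))
    print("third party, no systems:", third_party_residual([], 0.8, [2, 2]))
    print("entity:", entity_residual([(0.2, True), (0.9, False), (0.35, True)]))
```

Because both roll-ups take the maximum, one poorly controlled system sets the third party's score, and a record without a completed assessment does not count toward the entity score at all.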