RiskXchange Combined Score: A Comprehensive Third-Party Risk Rating System
The RiskXchange Combined Score is a third-party risk rating that combines two views of an organisation into a single figure: its external cybersecurity posture, measured from the outside, and its internal security and compliance position across information security, ESG (Environmental, Social, and Governance), and GDPR.
How the RiskXchange Combined Score Works
The score is built from two components:
- RX Score (External Cybersecurity Posture Risk)
  - Assesses the organisation's publicly accessible digital footprint and identifies security weaknesses across several domains.
  - Calculated automatically through continuous, non-intrusive assessments of externally visible assets.
  - Covers the following security domains:
    - Application Security – Identifies common web application vulnerabilities.
    - Business Reputation – Assesses the organisation's online reputation.
    - Cyber Attacks – Detects publicly disclosed data breaches and ransomware incidents.
    - Database Security – Identifies exposed or misconfigured database servers and their associated risks.
    - Encryption – Evaluates encryption strength, flagging weak encryption settings and expired certificates.
    - Mail/DNS Security – Detects insecure mail and DNS configurations.
    - Malware – Identifies suspicious activity, malware, or spam associated with the organisation's network.
    - Network Security – Identifies insecure network settings.
- Assessment Score (Internal Security & Compliance)
  - Evaluates the organisation's internal security governance, compliance measures, and regulatory alignment.
  - Covers key compliance frameworks and regulations, including:
    - Information Security – Assesses controls related to ISO 27001, NIST, SOC 2, and other cybersecurity standards.
    - ESG (Environmental, Social, and Governance) – Evaluates risk factors related to ethical business practices, corporate social responsibility, and sustainability.
    - GDPR & Data Privacy – Measures compliance with data protection regulations and privacy frameworks.
  - Unlike the RX Score, which is derived from external observation, this score is based on structured assessments: security questionnaires, policy evaluations, and regulatory compliance checks. Because questionnaires are answered by the third party itself, the score is only as reliable as the responses and supporting evidence provided.
Customisable Weighting for Tailored Risk Analysis
The RiskXchange Combined Score gives full control over the weighting of these two components. A slider sets how much influence each has on the final risk rating:
- Weighting towards the RX Score produces a rating driven by externally observable cybersecurity weaknesses.
- Weighting towards the Assessment Score emphasises regulatory compliance, security governance, and ESG considerations.
- Balancing the two produces a rating that reflects both technical exposure and policy-based controls.
This flexibility lets organisations tailor risk assessments to their industry, regulatory environment, and risk management priorities. Because the weighting changes the final figure, comparisons between third parties are only meaningful when the same weighting is applied to each.
Why Use the RiskXchange Combined Score?
- Comprehensive Risk Visibility – Integrates external cybersecurity exposure with internal governance, security, and compliance in one rating.
- Regulatory Alignment – Shows how far a third party aligns with frameworks such as ISO 27001, GDPR, and ESG standards.
- Customisable Weighting – Gives control over how the two risk components are prioritised in the overall score.
- Data-Driven Decision Making – Supports informed security and compliance decisions in third-party risk management.
The RiskXchange Combined Score provides a single view of third-party risk, helping organisations manage security exposure, regulatory requirements, and governance standards more effectively.