The compliance score for a project or OU is a value that indicates the total weight of all findings for non-compliant checks, with Critical severity checks weighing the most. This gives you a quick way to evaluate which projects and OUs most urgently need your attention to restore compliance. A lower score is better, and a score of 0 means no compliance issues.
The compliance score is shown on:
- The Compliance View of the organization chart.
- The compliance tabs for accounts, projects, and OUs.
- The overview tabs for compliance checks and standards.
Here's how we calculate compliance scores for projects and OUs:
- Each compliance check you create allows you to select a Severity, as seen in the Add a Compliance Check article. Each compliance check can have multiple findings.
- Each severity has a designated weight that is used to calculate the score. These weights are:
  - Critical severity = 10
  - High severity = 6
  - Medium severity = 3
  - Low severity = 2
  - Informational = 1
- The severity score is the sum of all (total findings for a non-compliant check * its designated weight) based on the context, as shown in the example below:

  (Check A - Critical - 5 findings) * 10 weight = 50
  (Check B - High - 2 findings) * 6 weight = 12
  (Check C - Medium - 4 findings) * 3 weight = 12
  (Check D - Low - 1 finding) * 2 weight = 2
  (Check E - Informational - 0 findings) * 1 weight = 0

  50 + 12 + 12 + 2 + 0 = Compliance score of 76 for this context
Compliance scores depend on the context (i.e., if you're viewing it for a project vs an OU). For a project or OU, factors include which compliance checks are associated with that project/OU (which could be applied locally or inherited), as well as the accounts associated with the project/OU. As a result, the compliance score for a top-level OU is likely to be much higher than that of a project.
For an easy visual indication of how checks of each severity contributed to the compliance score, you can see the doughnut chart for a project or OU on the org chart's Compliance View.
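As an added example (not code from the product described here), the Python sketch below applies the weights listed above to per-check finding counts, returns the per-severity contributions of the kind the doughnut chart visualizes, and ranks contexts so the highest score comes first. The context names and every finding count other than those of Checks A to E are constructed, and collecting the findings that belong to each context is assumed to have been done already.

```python
# Severity weights as listed on this page.
WEIGHTS = {"Critical": 10, "High": 6, "Medium": 3, "Low": 2, "Informational": 1}


def score_context(checks):
    """Score one context (project or OU).

    checks: iterable of (check_name, severity, findings) for non-compliant
    checks; a check with 0 findings contributes nothing.
    Returns (score, contribution per severity).
    """
    by_severity = {severity: 0 for severity in WEIGHTS}
    for name, severity, findings in checks:
        if severity not in WEIGHTS:
            raise ValueError(f"{name}: unknown severity {severity!r}")
        if findings < 0:
            raise ValueError(f"{name}: negative finding count {findings}")
        by_severity[severity] += findings * WEIGHTS[severity]
    return sum(by_severity.values()), by_severity


def rank_contexts(contexts):
    """Return [(context, score)] with the most urgent (highest) score first."""
    scored = [(name, score_context(checks)[0]) for name, checks in contexts.items()]
    return sorted(scored, key=lambda item: (-item[1], item[0]))


# Checks A-E with the finding counts from the example above.
PAGE_EXAMPLE = [
    ("Check A", "Critical", 5),
    ("Check B", "High", 2),
    ("Check C", "Medium", 4),
    ("Check D", "Low", 1),
    ("Check E", "Informational", 0),
]

# Constructed contexts: names and the OU's counts are illustrative only.
CONTEXTS = {
    "project-alpha": PAGE_EXAMPLE,
    "project-beta": [("Check A", "Critical", 0), ("Check D", "Low", 0)],
    "ou-top-level": [("Check A", "Critical", 9), ("Check B", "High", 2),
                     ("Check C", "Medium", 7), ("Check D", "Low", 1),
                     ("Check E", "Informational", 3)],
}

if __name__ == "__main__":
    for name, score in rank_contexts(CONTEXTS):
        print(f"{name:14} score={score:4} breakdown={score_context(CONTEXTS[name])[1]}")
```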