Formula Used
Each factor is scored from 1 to 5. Protective factors are inverted using 6 − value. Scores are normalized to 0–1 with (raw − 1) / 4.
Risk Score = 100 × (Σ(wᵢ × nᵢ) / Σwᵢ), where wᵢ is the weight and nᵢ the normalized risk.
How to Use
- Select values that match your sharing scenario.
- Adjust weights if a factor matters more.
- Press Submit to calculate score and level.
- Review breakdown and recommended actions.
- Download CSV or PDF for your records.
Example Data Table
These sample scenarios illustrate how different choices can affect the risk score and recommended posture.
| Scenario | Data Sensitivity | Scope | Trust | Protections | Controls | Duration | Cross-border | Subprocessors | Expected Level |
|---|---|---|---|---|---|---|---|---|---|
| Vendor evaluation | 3 | 3 | 3 | 4 | 4 | 2 | No | Yes | Medium |
| Product roadmap share | 4 | 4 | 2 | 3 | 3 | 4 | Yes | Yes | High |
| Public marketing draft | 1 | 2 | 4 | 4 | 4 | 2 | No | No | Low |
| Regulated data transfer | 5 | 4 | 1 | 2 | 2 | 5 | Yes | Yes | Critical |
Why confidentiality risk needs scoring
Confidentiality language can look standard while creating very different exposure. A repeatable score helps legal, procurement, and security teams compare agreements, prioritize review, and document approval rationale. Quantified risk also improves negotiations by showing which drivers moved the level and why.
Key contract indicators behind the score
The calculator evaluates eight indicators often reviewed in confidentiality terms and supporting documents. Data sensitivity and disclosure scope raise inherent exposure as they move from public information to regulated records, and from limited recipients to broad sharing. Recipient trust, legal protections, and access controls act as safeguards and are inverted, so stronger safeguards reduce risk. Storage duration raises risk as retention becomes longer or undefined. Cross-border transfer and subprocessors introduce onward-transfer risk and jurisdictional requirements, often demanding explicit flow-down clauses, audit rights, and monitoring.
Weighting to match organizational posture
Organizations rarely value every driver equally. Weights let you emphasize what matters most, such as regulated data, third-party processing, international movement, or strict retention rules. Each driver is normalized from 1 to 5 into 0 to 1, combined as a weighted average, and scaled to a 0 to 100 score. Keeping default weights stable across teams improves benchmarking, while scenario-specific weights make results more decision-relevant.
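The scoring formula from "Formula Used" and the weighting described above, carried through on the rows of the example table, as an added example that is not the calculator's own code. It assumes the table's Yes/No columns map to 5 (Yes) and 1 (No), and it uses equal weights unless a caller overrides them; the page does not state either of these choices.

```python
# Added example: implements Risk Score = 100 * sum(w_i * n_i) / sum(w_i)
# with n_i = (raw - 1) / 4 and protective factors inverted as 6 - value.
# Assumption: Yes/No table columns map to 5/1 (the page gives no mapping).

FACTORS = ("sensitivity", "scope", "trust", "protections", "controls",
           "duration", "cross_border", "subprocessors")
# Safeguards: a stronger value lowers exposure, so the raw score is inverted.
PROTECTIVE = {"trust", "protections", "controls"}
DEFAULT_WEIGHTS = {f: 1.0 for f in FACTORS}  # equal weights as the baseline

def normalize(factor: str, raw: int) -> float:
    """Map a 1..5 input to a 0..1 risk contribution, inverting safeguards."""
    if not 1 <= raw <= 5:
        raise ValueError(f"{factor}: value {raw} outside 1..5")
    if factor in PROTECTIVE:
        raw = 6 - raw
    return (raw - 1) / 4

def risk_score(inputs: dict, weights: dict = DEFAULT_WEIGHTS) -> float:
    """Weighted average of normalized factors, scaled to 0..100."""
    total_weight = sum(weights[f] for f in FACTORS)
    if total_weight <= 0:
        raise ValueError("weights must sum to a positive number")
    weighted = sum(weights[f] * normalize(f, inputs[f]) for f in FACTORS)
    return 100 * weighted / total_weight

def breakdown(inputs: dict, weights: dict = DEFAULT_WEIGHTS) -> dict:
    """Each factor's share of the final score; the shares sum to risk_score()."""
    total_weight = sum(weights[f] for f in FACTORS)
    return {f: 100 * weights[f] * normalize(f, inputs[f]) / total_weight
            for f in FACTORS}

def yes_no(flag: str) -> int:
    return 5 if flag == "Yes" else 1  # constructed mapping (assumption)

def scenario(sens, scope, trust, prot, ctrl, dur, xborder, subproc) -> dict:
    return dict(zip(FACTORS, (sens, scope, trust, prot, ctrl, dur,
                              yes_no(xborder), yes_no(subproc))))

# Rows of the page's example table, in table order.
EXAMPLES = {
    "Vendor evaluation":       scenario(3, 3, 3, 4, 4, 2, "No",  "Yes"),
    "Product roadmap share":   scenario(4, 4, 2, 3, 3, 4, "Yes", "Yes"),
    "Public marketing draft":  scenario(1, 2, 4, 4, 4, 2, "No",  "No"),
    "Regulated data transfer": scenario(5, 4, 1, 2, 2, 5, "Yes", "Yes"),
}

if __name__ == "__main__":
    for name, inputs in EXAMPLES.items():
        print(f"{name:24s} {risk_score(inputs):7.3f}")
```

With equal weights the four table rows score 15.625, 40.625, 75.0 and 90.625 in the order Low, Medium, High, Critical; doubling the sensitivity weight moves the vendor row to about 41.7, which is how a team can see which driver shifted the level.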
Using results to negotiate protections
Use the breakdown to target clause improvements. For medium exposure, tighten purpose limits, define permitted recipients, and require written incident notice. For high exposure, require encryption, strong authentication, access logging, and audit rights. Limit onward disclosures, add approval for new subprocessors, and specify transfer safeguards. For critical exposure, apply minimization, redaction, or controlled sharing methods, and strengthen remedies, indemnities, and clear return or destruction obligations with timelines and backup handling.
Operationalizing controls after signature
A score is only useful when it triggers action. Map levels to workflow steps such as added approvals, secure sharing channels, periodic access reviews, and shorter retention defaults. Store exports with the contract record so renewals reuse assumptions and show trend changes over time. Recalculate whenever scope expands, new recipients appear, subprocessors change, or data classifications are updated. Regular reviews keep controls aligned with evolving projects and audits. Document assumptions to support repeatable future decisions.
FAQs
What does a higher score mean?
A higher score indicates greater confidentiality exposure and weaker safeguards for the scenario you selected. Use it to prioritize review, strengthen clauses, and apply stronger handling controls before information is shared.
Why are some factors inverted?
Recipient trust, legal protections, and access controls reduce risk when they are strong. The calculator inverts these values so stronger safeguards contribute less to the final risk score, keeping all components directionally consistent.
How should I choose weights?
Start with equal weights for a baseline. Increase weights for drivers that create the most impact in your organization, such as regulated data, third-party processing, or international transfers. Keep weights consistent across teams for benchmarking.
Can I use this for vendor assessments?
Yes. Enter the vendor relationship context, sharing scope, protections, and operational controls. The breakdown highlights which gaps raise risk, helping you request specific contractual terms and technical measures during onboarding and renewals.
How often should the score be updated?
Update the score when the sharing purpose changes, data sensitivity changes, recipients expand, retention changes, or new subprocessors are added. Refreshing the score keeps contract records aligned with current operations and compliance expectations.
Are exports suitable for audit files?
Exports provide a timestamped summary of inputs, weights, and results that can be stored with the agreement record. They support internal governance by showing how decisions were reached, but they do not replace legal review.