Customizing Risk Thresholds
Adjust scoring thresholds to match your organization's risk appetite
Overview
By default, Ezy Risk uses standard thresholds to classify vendors into Low, Medium, High, and Critical risk levels. However, your organization may have different risk tolerance levels based on your industry, regulatory requirements, or internal policies.
Enterprise plans can customize these thresholds to better reflect your organization's risk appetite.
Default Thresholds
The standard risk level thresholds (the "Standard (Default)" configuration below) are:
- Low: 75-100%
- Medium: 50-74%
- High: 25-49%
- Critical: Below 25%
How to Customize Thresholds
Go to Settings
Navigate to Settings → Risk Configuration (Enterprise plans only).
Adjust Threshold Values
Use the sliders or input fields to set the score boundaries between risk levels.
Save Changes
Click Save. New thresholds apply to all future assessments. Existing assessments retain their original classification.
Example Configurations
Conservative (High Security)
For organizations with strict security requirements (for example, financial services or healthcare):
- Low: 85-100% (only the highest performers)
- Medium: 70-84%
- High: 50-69%
- Critical: Below 50%
Standard (Default)
Balanced approach suitable for most organizations:
- Low: 75-100%
- Medium: 50-74%
- High: 25-49%
- Critical: Below 25%
Lenient (Low Security Impact)
For non-sensitive vendors or initial screening:
- Low: 60-100%
- Medium: 40-59%
- High: 20-39%
- Critical: Below 20%
Best Practices
- Align with policies
Match thresholds to your organization's documented risk acceptance criteria.
- Document changes
Keep records of threshold changes and the rationale for auditors.
- Test before applying
Review how existing assessments would be classified under new thresholds.
- Avoid too-lenient thresholds
Lowering the boundaries moves vendors into less severe bands without changing their underlying posture: a vendor scoring 65% is Medium under the default thresholds but Low under the Lenient configuration above.
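The following script is an added example, not part of Ezy Risk or its documentation, showing how to carry out the "Test before applying" check offline: it encodes the three configurations listed above as lower bounds, validates that a proposed configuration has ordered, non-overlapping bands, re-classifies a set of vendor scores under both the current and the proposed thresholds, and lists the vendors that would move to a less severe band. The vendor names and scores are constructed for illustration, and the `Thresholds` class and its helper functions are assumptions of this example, not an Ezy Risk API. Comparing with `>=` against each band's lower bound also closes the gaps between integer bands, so a fractional score such as 74.5% is classified unambiguously.

```python
"""Impact analysis for a proposed change of risk-level thresholds.

Each configuration is expressed as the lower bound (in percent) of the
Low, Medium and High bands; every score below the High lower bound is
Critical. Comparing with >= closes the gaps between integer bands
(e.g. a score of 74.5 under the default config is Medium, not undefined).
This is illustrative code, not part of the Ezy Risk product.
"""

from dataclasses import dataclass

# Ordering used to tell a downgrade (less severe) from an upgrade.
SEVERITY = {"Low": 0, "Medium": 1, "High": 2, "Critical": 3}


@dataclass(frozen=True)
class Thresholds:
    low_min: float      # scores at or above this are Low risk
    medium_min: float   # scores at or above this (and below low_min) are Medium
    high_min: float     # scores at or above this (and below medium_min) are High

    def validate(self) -> None:
        """Reject configurations whose bands overlap or leave the 0-100 range."""
        if not (0 <= self.high_min < self.medium_min < self.low_min <= 100):
            raise ValueError(
                f"bands must satisfy 0 <= High < Medium < Low <= 100, got {self}"
            )

    def classify(self, score: float) -> str:
        """Map a percentage score to a risk level under this configuration."""
        if not 0 <= score <= 100:
            raise ValueError(f"score out of range: {score}")
        if score >= self.low_min:
            return "Low"
        if score >= self.medium_min:
            return "Medium"
        if score >= self.high_min:
            return "High"
        return "Critical"


# The three configurations described on this page.
CONSERVATIVE = Thresholds(low_min=85, medium_min=70, high_min=50)
STANDARD = Thresholds(low_min=75, medium_min=50, high_min=25)
LENIENT = Thresholds(low_min=60, medium_min=40, high_min=20)


def reclassification_report(scores, current, proposed):
    """Return {vendor: (old_level, new_level)} for vendors whose level changes."""
    current.validate()
    proposed.validate()
    changes = {}
    for vendor, score in scores.items():
        old, new = current.classify(score), proposed.classify(score)
        if old != new:
            changes[vendor] = (old, new)
    return changes


def downgraded(changes):
    """Vendors that become *less* severe under the proposed thresholds; these
    are the ones to review by hand before saving (see 'Avoid too-lenient
    thresholds' above)."""
    return sorted(
        v for v, (old, new) in changes.items() if SEVERITY[new] < SEVERITY[old]
    )


# Constructed sample scores for illustration; not real assessment data.
SAMPLE_SCORES = {
    "acme-payroll": 92.0,
    "cloudmail": 78.5,
    "shipfast": 74.5,
    "legacy-erp": 55.0,
    "printco": 30.0,
    "datastash": 18.0,
}

if __name__ == "__main__":
    for name, proposed in (("Conservative", CONSERVATIVE), ("Lenient", LENIENT)):
        changes = reclassification_report(SAMPLE_SCORES, STANDARD, proposed)
        print(f"Standard -> {name}: {len(changes)} vendors change level")
        for vendor, (old, new) in sorted(changes.items()):
            print(f"  {vendor:14} {old:8} -> {new}")
        print(f"  less severe after change: {downgraded(changes)}")
```

Running it against the constructed scores shows the asymmetry the best practices warn about: moving from Standard to Conservative changes three vendors, all to a more severe band, while moving to Lenient changes one vendor (shipfast, 74.5%) from Medium to Low. Export the real scores from your existing assessments into `SAMPLE_SCORES` and review every name that `downgraded` returns before clicking Save; keep the printed report with the change record for auditors.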