Organize your data, view and understand your rating
This guide discusses functionality from across product tiers and may reference functionality not available on your account.
Step 1: Organize
Decide how you want to organize data.
- Subsidiaries: Subsidiaries are separate entities owned by the parent company. Entities in the Subsidiaries module don’t affect your principle rating and you can evaluate them individually.
- Asset portfolios: Use these to group domains, subdomains, and IPs, by who is responsible for managing them.
- Create labels: Use labels to tag domains, subdomains, and IPs with any information you want to filter or report by. Examples:
- domain type (marketing, product, etc).
- data access (access to PII data, etc).
- designate who is responsible for an asset (if you don’t have asset portfolios).
- designate subsidiaries (if you don’t have the Subsidiaries module). In this case, subsidiaries do not have separate ratings.
Step 2: View your rating
UpGuard uses a risk rating to help you (and others) understand your security posture. Once you’ve set up the platform (e.g. confirmed domains and IPs), you’ll have a baseline rating to begin investigating. Your goals:
- Raise or maintain your score to the level you want.
- Everyone starts with a rating of 950 and any identified risks detract from your score. Evaluate risks to understand (and hopefully improve!) your security posture. Your score improves as a side effect of addressing risks.
When viewing your rating, you’ll be able to choose what you see:
- (External) Your automated risk rating
- (External) Your automated risk rating with public waivers applied
- (Internal) Your automated risk rating with private waivers applied
Step 3: Understand your rating
UpGuard performs non-intrusive scans every 24 hours. These scans inform your rating.
Your rating is determined by:
- 10 categories — each carrying a different weight (e.g. one category weighs 19%, another weighs 1%).
- Risks — ranked as critical, high, medium, low*.
- Vulnerabilities — typically associated with a risk.
Risks, their ranking, and their category determine your risk rating.
From Exec Summary
- View your overall rating and each category’s rating
- View how many risks there are in each category
*There are also informational risks, but these do not affect your score.