📆 Following the demand, we extended our free trial to 30 days! No automated billing/upgrade. You decide!  

General Guidance

VUCA score

Role-Specific Access

Targeted Users: This feature is primarily designed for users with the role of Compliance Manager in vucavoid.

Overview of the VUCA Score

Purpose and Importance

VUCA score is a core function of vucavoid. It is providing insights into the compliance management posture of the tenant by actively scanning the tenant for specific applicable conditions. A condition is pre-defined combination of states/events within a tenant that provide insights into the current posture of a tenant's compliance (management).

These conditions are all designed to identify situations that have the potential to increase volatility, uncertainty, complexity and/or ambiguity (VUCA) of the compliance (management) within the tenant.

Please note, the VUCA score can only be based on the reflected compliance posture within vucavoid. Changes that are not reflected into vucavoid, cannot influence the VUCA score.

vucavoid is automatically re-calculating the VUCA score every thirty (30) minutes for each tenant. It is possible to trigger a manual re-calculation by making use of the button in the top right corner of the overview screen. This can be meaningful, if a compliance manager of a specific tenant is interesting in the devleopment of the VUCA score caused by changes in the tenant. A re-calculation can take up to several minutes, depending on the number of elements in the tenant as well as the number of relevant conditions.

To summarize briefly:

  • Metric for compliance (management) posture: The VUCA score acts as a beacon, simplifying the tenant's approach to compliance management.
  • Reflective Feedback: Based on data input in vucavoid, the VUCA score offers insights into the tenant's compliance posture.
VUCA score: The heart of vucavoid, providing guidance on what matters most for your compliance posture (demo data).
VUCA score: The heart of vucavoid, providing guidance on what matters most for your compliance posture (demo data).

Filtering, Sorting, Searching and Grouping

Per default, the overview shows all conditions that apply to the current compliance management setup in vucavoid for the respective tenant. The list can be filtered, sorted, searched and grouped. All these options can also be combined to provide the most relevant insights for a tenant's compliance manager.

Filtering

To filter the list, different criteria are available that can be combined - or reset.

Per default, the list is filtered for all conditions that apply and, hence, contribute points to the tenant's VUCA score. It is also possible to remove the standard filter or to filter for such conditions that do not apply and, hence, do not contribute points to the score.

VUCA score: Options to filter the list of conditions.
VUCA score: Options to filter the list of conditions.

Sorting

Sorting the list works by clicking the sortable column headings (indicated by the chevron symbol next to the heading; see example below). Multiple clicks on the same column heading switch the sorting between descending and ascending order. Please note: Grouped lists will only be sorted within the respective groups.

VUCA score: Sorting the list by clicking the column headings that are sortable. In the picture: Points, Impact and Inclusion are all sortable as indicated by the chevron symbol next to the heading text.
VUCA score: Sorting the list by clicking the column headings that are sortable. In the picture: Points, Impact and Inclusion are all sortable as indicated by the chevron symbol next to the heading text.

Searching

To search the list, start typing in the search filed at the upper right part of the table. Once the first letter is typed, the list will be searched automatically.

Grouping

By default, the list of conditions is grouped by the condition group. It can also be grouped by the affected object type or for such conditions that impact the score or not. To resolve grouping of the list (e. g. for better sorting), simply set the grouping option to "Group by" which will not group the list.

Calculation of the VUCA Score

Basis

The basis for the VUCA score is a straightforward point system that vucavoid applies in the background. Conditions are subject to a rating system that assigns between 0,5 and 15 points (depending on edge cases, it is possible that specific conditions add up to an indefinite amount of points). The amount of points per condition is based on an underlying criticality scale which cannot be changed by the tenant itself.

Example:

  • An active indicent is of priority 'high', has one connected meta model object hat is impacted 'medium' and involves personally identifiable data (PII): Contributing 10 points to the VUCA score.
  • An implemented control that is defined for vucavoid-based control reporting has a missing reporting quota of between 5% - 10%: Contributing 2 points to the VUCA score.
  • An active meta model object with a business criticality of 'medium' is not connected to any capability within the meta model of the tenant: Contributes 0,5 points to the VUCA score.

Based on the assumed criticality, different conditions contribute a different amount of points to the score.

VUCA score: Exemplary conditions, contributing 5 points in total to the organization's Official VUCA score and 3 points to the tenant-specific VUCA score based on the tenant-specific in-/exclusion settings (demo data).
VUCA score: Exemplary conditions, contributing 5 points in total to the organization's Official VUCA score and 3 points to the tenant-specific VUCA score based on the tenant-specific in-/exclusion settings (demo data).

Overall, the tenant-wide VUCA score itself is determined by a simple ratio of the sum of points from applicable conditions divided by all potential points (as known to vucavoid).

VUCA levels

Since the VUCA score is calculated and presented as a percentage based on the applicable conditions, which contribute different amounts of points to the overall score, it is evident that the ratio might change frequently based on day-to-day developments in the tenant's compliance management.

To provide for a better

  1. landmark function (provide better orientation) as well as
  2. stability,

the ratio is translated into a VUCA level. Currently, the following levels are defined:

  • Perfect: max. 5%
  • Very good: max. 15%
  • Good: max. 25%
  • Mediocre: max. 40%
  • Bad: max 75%
  • Uncontrolled: above 75%

Each level is represented in a different color, following a comprehensive scheme with green depicting better scores and red depicting worse scores.

Please note, the defintion of VUCA levels might be adjusted over time, the VUCA level of specific tenants might change without a change in the underlying compliance management. Clients will be informed about such changes upfront.

VUCA score: VUCA levels exist for both, the official and the tenant-specific VUCA scores (demo data).
VUCA score: VUCA levels exist for both, the official and the tenant-specific VUCA scores (demo data).

Official VUCA score vs. Tenant-specific VUCA score

vucavoid is offering two different VUCA scores.

The leading variant is the "Official VUCA score" which is accounting for all conditions that are applicable across a tenant's compliance management. The tenant and its compliance managers (including tenant admins) cannot influence the calculation of this score.

As a mean for better differentiation and to account for more individuality in the VUCA score, vucavoid is offering the tenant the possibility to exclude different conditions groups (see below) and base its work on the "Tenant-specific VUCA score". This score only takes into account those groups of conditions that the compliance managers of the respective tenant leave to be included.

Include and exclude condition groups

As a baseline, the tenant-specific VUCA score is the same as the official VUCA score. The tenant-specific score (TSS) can never be higher than the official score (OFS) since the only way to individualize the TSS is by exlcuding conditions groups that are part of the OFS.

For better standardization and a more comprehensive socre calucation, vucavoid only allows for the exclusion of an entire condition group. To exclude a group, click on the red button "Exclude group" next to one of the conditions matching that group. A modal window will show up to display the overall amount of points this group adds to the OFS at the time of the exclusion. Confirm the modal window to exclude the group from the TFS.

VUCA score: Exclusion of a condition group from the tenant-specific VUCA score (demo data).
VUCA score: Exclusion of a condition group from the tenant-specific VUCA score (demo data).

To include a condition group, click on the green button "Include group" next to a condition matching that group. The following modal window will show the amount of points that will contribute also to the TFS after confirmation. Confirming the modal window includes the condition to the TFS again.

VUCA score: Inclusion of a condition group to the tenant-specific VUCA score (demo data).
VUCA score: Inclusion of a condition group to the tenant-specific VUCA score (demo data).

Once conditions are ex- or included, vucavoid will inform all affected compliance managers of the respective tenant about the ex- or inclusion. These email are sent to keep relevant staff updated about changes made to the VUCA score as well as to avoid mistakes about in- or exclusions (detective control).

VUCA score: Email sent about ex- or inclusions of conditions groups in vucavoid (demo data).
VUCA score: Email sent about ex- or inclusions of conditions groups in vucavoid (demo data).

Examples for condition groups

Conditions are pre-defined configurations in vucavoid. Each specific condition group represents all tenant-specific instances where thepre-defined condition applies.

The following, non-conclusive, list of condition groups provides a more detailed/comprehensive understanding of condition groups:

Condition group Validity
An active object without an owner. Unlimited
Latest risk assessment for an active risk older than 366 days.This condition only applies if there has been an assessment in the past that is older than 366 days, otherwise other conditions are applied. Unlimited
Latest risk assessment resulting in a %RISK_LEVEL% score. Unlimited
Implemented control owner review overdue for more than 1 month. Unlimited
Remediation strategy of finding set to "Accepted not remediate". 365 days

Please note: Conditions group might be altered over time, directly from vucavoid, leading to one-time changes in the VUCA score without active involvement of the tenant's compliance managers (or tenant admins). Changes to the conditons group are always communicated upfront to all clients.

Example for OFS and TFS calculation

Condition applies Included Points
Yes Yes 2
Yes Yes 4
Yes No 3
No Yes 5
No No 3
Yes No 1
No Yes 2
No Yes 4

Official score Adding up all applicable conditions divded by all possible points

10/24 = 41,67% (~42%)

Tenant-specific score Adding up all applicable & included conditions divided by all possible points

6/24 = 25%


Not only are both scores shown in the overview of the tenant's VUCA score page, but also can be seen in a badge next to the navigation item in the left sidebar navigation. The badge shows the following values: "Official Score" | "Tenant-specific score".

VUCA score: Badge next to sidebar navigation shows the official and the tenant-specific VUCA scores (demo data).
VUCA score: Badge next to sidebar navigation shows the official and the tenant-specific VUCA scores (demo data).

Validity of conditions

Most conditins contribute to the VUCA score until the condition does no longer apply. Some of the pre-defined conditions come with pre-defined validity dates though.

These validity dates are spans of time that define for how long a specific condition contributes to the VUCA score of a tenant. Some conditions might not be alterable by the tenant's organization or the condition's impact might deter over time. vucavoid introduced validity dates for such circumstances - without excluding an entire condition group.

Examples for condition groups that have validity date are:

  • Individual task overdue: 365 days.
  • Remidiation strategy of finding set to "Accepted not remediate": 365 days.

Please note, most of the conditon groups in vucavoid do not have a validity date but contribute to the VUCA score for an unlimited span of time - until the condition does no longer apply.

Attribution charts

With a growing tenant, keeping track might become harder, even for VUCA score being a smart navigation tool.

vucavoid is providing a chart for each VUCA score (OFS and TFS, see above) on the attribution of VUCA points across the tenant's different entity types. The charts show the number of points that the different entity types contribute to the VUCA score - divided by the official and the tenant-specific VUCA score.

VUCA score: Charts on the attribution of VUCA points per score (OFS and TFS) (demo data).
VUCA score: Charts on the attribution of VUCA points per score (OFS and TFS) (demo data).

Reminders

To remind owners of affected entities (that contribute to the VUCA score) about its contribution, vucavoid is offering a reminder function per condition. Clicking the button "Remind owner" opens a modal window that, once confirmed, will trigger an email being sent to the owner of the entity (of the underlying, affected entity, e. g. the incident or the location).

vucavoid does not restrict sending multiple reminder emails for the same condition. Since it is a relevant information to know when the last reminder has been sent to the owner, it is shown when hovering the reminder button. If no reminder has yet been sent to the owner, the hover message will show this, too.

VUCA score: Modal window for confirming to send a reminder email to the owner of the underlying entity.
VUCA score: Modal window for confirming to send a reminder email to the owner of the underlying entity.

The owner will receive an email that looks like the following,

VUCA score: Reminder email for the owner of affected entity (demo data).
VUCA score: Reminder email for the owner of affected entity (demo data).

Overall, the VUCA score provides orientation to all users of the tenant, allowing for a more effective and efficient navigation throughout the compliance management.

Cookie Use on Our Site

To ensure the smooth functioning of our website, we use a limited number of cookies. These cookies are essential for providing you with the services available on our website and to use some of its features. Here is a brief overview:
  • vucavoid_session: This cookie is essential for user authentication. It ensures that your session is secure and recognizes you as you navigate through our site.
  • XSRF-TOKEN: This cookie is critical for website security. It helps protect against cross-site request forgery attacks.
  • latest_marketing_banner_visible_{MARKETING_BANNER_ID}: This cookie simply remembers if you have seen our latest site banner, enhancing your browsing experience without tracking your personal data.

These cookies are strictly necessary to deliver the website, and therefore, we do not require your consent to place these cookies. For more information, please visit our Privacy Policy.