The formula
// for each risk on the contract
if status is accepted or rejected → 0
else if its playbook rule is disabled → 0
else if tied to a playbook rule → playbook weight(severity)
else → general weight(severity)
RiskScore = clamp( Σ contributions, 0, 100 )
HealthScore = 100 − RiskScore
Three things zero out a risk's contribution: you settled it (accepted or dismissed), the playbook rule that flagged it is currently disabled, or the rule was deleted (open risks are removed in that case). Everything else contributes a weight based on (a) severity and (b) whether it's a playbook violation or a general advisory. The sum is clamped to 0 – 100 so the scale stays bounded.
Weights
Playbook violations are weighted higher than generic advisories. Playbook rules are the hard lines you've declared, so breaking one hurts the score more than a passing concern the model surfaces on its own.
| Severity | Playbook violation | General advisory |
|---|---|---|
| Critical | +28 | +20 |
| High | +17 | +12 |
| Medium | +9 | +6 |
| Low | +4 | +2 |
Worked example
A contract surfacing one critical playbook violation, one high playbook violation, one medium general advisory, and one low general advisory:
| Risk | Contribution |
|---|---|
| critical (playbook) | +28 |
| high (playbook) | +17 |
| medium (general) | +6 |
| low (general) | +2 |
| Risk score | 53 |
| Health score | 47 |
The score is live
The score isn't a frozen snapshot from the moment of upload — it follows what you do with the contract and the playbook behind it.
- Accepting or dismissing a risk drops it from scoring. Open risks count their full weight; settled risks count zero. The contract's score recomputes the moment you flip the review status.
- Changing a playbook rule's severity propagates to every open risk that was flagged by that rule. The risks get re-rated to the new severity and the contracts they belong to are re-scored in the same step. Already-settled risks are left alone — they reflect a review decision and aren't retroactively re-rated.
- Disabling a rule (toggle off) makes all of its open risks stop counting toward the score and stops showing them on the contract page. The contract scores re-compute immediately. Re-enabling the rule brings the risks (and their score impact) back.
- Removing a rule deletes its open risks (they no longer apply) and recomputes affected contract scores. Risks you already accepted or dismissed are kept as history but disconnected from the now-deleted rule.
- Tailoring your playbook (the wizard on the Playbooks page) cascades the same way. For example, telling us you process personal data bumps Data Privacy to critical, and every open data-privacy risk across all your contracts gets re-weighted immediately.
- Re-rating any single risk on the contract page works the same way. Open a risk, pick a new severity, and the contract score recomputes immediately. This covers general advisories (which aren't tied to a playbook rule) and lets you override a playbook rule's severity for one specific contract — useful when a clause flagged by the AI doesn't feel as serious for this particular deal, or when you want to escalate it. Note: changing the underlying playbook rule's severity later will overwrite per-risk customizations.
Health score bands
- 80 – 100: Low risk
- 60 – 79: Moderate risk
- 40 – 59: Elevated risk
- 0 – 39: High risk — legal review required
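The formula, weights, zeroing rules and bands above can be checked end to end with a short script. This is an added example, not the product's own code: the `Risk` class, the `rule_id` field, the `"open"` status label and the rule ids are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Weights copied from the table on this page: severity -> (playbook, general)
WEIGHTS = {"critical": (28, 20), "high": (17, 12), "medium": (9, 6), "low": (4, 2)}
SETTLED = {"accepted", "rejected"}  # statuses the formula zeroes out
# Health score bands from this page: (lower bound, label)
BANDS = [(80, "Low risk"), (60, "Moderate risk"), (40, "Elevated risk"),
         (0, "High risk: legal review required")]

@dataclass
class Risk:
    severity: str
    rule_id: Optional[str] = None  # None means a general advisory (assumed field name)
    status: str = "open"           # assumed label for a risk not yet settled

def contribution(risk, disabled_rules):
    """Apply the per-risk branches of the formula in the order the page lists them."""
    if risk.status in SETTLED:
        return 0
    if risk.rule_id is not None and risk.rule_id in disabled_rules:
        return 0
    playbook_w, general_w = WEIGHTS[risk.severity]
    return playbook_w if risk.rule_id is not None else general_w

def score(risks, disabled_rules=frozenset()):
    """Return (risk score, health score, band) for one contract."""
    total = sum(contribution(r, disabled_rules) for r in risks)
    risk_score = max(0, min(100, total))  # clamp to 0..100
    health = 100 - risk_score
    band = next(label for floor, label in BANDS if health >= floor)
    return risk_score, health, band

def worked_example():
    # Constructed sample mirroring the page's worked example; rule ids are made up.
    return [Risk("critical", "rule-a"), Risk("high", "rule-b"),
            Risk("medium"), Risk("low")]

if __name__ == "__main__":
    risks = worked_example()
    print(score(risks))                              # all four risks open
    risks[0].status = "accepted"                     # settle the critical violation
    print(score(risks))
    print(score(risks, disabled_rules={"rule-b"}))   # then toggle rule-b off
    print(score([Risk("critical", "rule-a")] * 5))   # sum of 140 hits the clamp
```

Deleting a rule is not modelled separately: the page says its open risks are removed, which amounts to dropping them from the list before scoring.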