Purpose of this stage: Not all gaps are equal. Every finding from the Inspect stage was scored on likelihood and impact, weighted for regulatory consequence, and assigned a priority tier.
Scoring Model
| Element | Detail |
| --- | --- |
| Formula | Likelihood × Impact |
| Scale | 1–3 for both Likelihood and Impact |
| Score Range | 1–9 |
| Critical | 7–9 |
| High | 5–6 |
| Medium | 3–4 |
| Low | 1–2 |
| GDPR Modifier | Regulatory weight multiplier applied to GDPR findings to reflect direct enforcement exposure |
Priority Distribution
| Priority | Finding Count |
| --- | --- |
| High | 22 |
| Medium | 13 |
| Low | 1 |
Remediation Phases
| Phase | Findings | Priority Level | Timeline |
| --- | --- | --- | --- |
| Phase 1 | 6 | High — Non-Compliant | 0–30 days |
| Phase 2 | 18 | High Partially Compliant + Medium Non-Compliant | 30–90 days |
| Phase 3 | 12 | Medium Partially Compliant + Low | 90–180 days |
What Was Done
Each of the 36 findings from the Inspect stage was scored using the Likelihood × Impact model. GDPR findings received an additional regulatory weight modifier reflecting the direct enforcement risk. All 36 findings were then mapped to a phased remediation roadmap with named owners, priority tiers, and target timelines calibrated to realistic internal capacity.
Inputs and Outputs
| | Detail |
| --- | --- |
| Inputs | 36 assessed controls with compliance statuses and gap narratives |
| Output | Scored risk register, phased remediation roadmap, priority tier assignments |

| Field | Detail |
| --- | --- |
| Stage Status | Complete |
| SHIELD Stage | E — Evaluate |