Which description matches a commonly used vendor risk rating scale and its interpretation?

Vendor risk rating scales are meant to translate assessments into a simple, actionable risk level so teams can consistently decide what due diligence and monitoring are required. The most common approach uses a 1–5 scale with defined criteria for each level, where 1 represents low risk and 5 represents high risk. This setup gives a clear, linear progression: as the score increases, risk increases, making it easy to prioritize vendors and allocate resources accordingly. Having defined criteria for each point reduces ambiguity and ensures different assessors reach the same conclusion about a vendor’s risk. Other options diverge from this standard in ways that create confusion. Inverting the scale so that higher numbers mean lower risk flips the interpretation and complicates prioritization. A 0–4 scale introduces a zero point that may not align with how risk is weighed in practice, and a 1–10 scale with high risk labeled as moderate disrupts the intuitive mapping between score and risk level. These issues make consistent decision-making harder, which is why the 1–5 with 1 = low risk and 5 = high risk is the best match.