NodeVault uses a six-factor weighted composite model to produce a single, defensible risk score (0–100) for every node in your supply chain. Here is exactly how it works — every weight, every benchmark, every data source.
Each factor is normalised to its maximum contribution, then summed. The result is a continuous 0–100 score that drives a five-level grade. The score updates automatically as you fill in node data — you can watch individual factors change in real time in the Risk tab of any node.
The weights reflect two principles from supply chain risk literature: single-source dependency is weighted equally to operational risk because it makes every other risk factor irrelevant when a disruption occurs — a reliable supplier with no backup is still a single point of failure. And lead time is weighted as a risk amplifier, not a standalone risk — it determines how long your organisation is exposed when any other factor triggers a disruption.
Click into each factor to understand exactly what you are scoring and why.
Your direct assessment of this supplier's operational reliability — quality consistency, on-time delivery history, management stability, and capacity resilience.
Source: Internal procurement assessment
The political stability, rule of law, regulatory predictability, and infrastructure quality of the country where this node operates. Based on World Bank Governance Indicators.
Source: World Bank Worldwide Governance Indicators (WGI)
Trade tension, sanctions exposure, export restriction risk, and military conflict proximity specific to this node's location and the goods it produces.
Source: US OFAC sanctions lists, BIS Export Control Classification, Kearney Reshoring Index
Whether a qualified alternative supplier exists. Single-source dependency is the largest binary risk factor — when this supplier fails, there is no fallback. It carries the same weight as operational risk.
Source: Procurement qualification records
Long lead times amplify every other risk factor — they reduce your ability to respond to disruptions and require larger inventory buffers. Scaled from 0 (≤7 days) to full 10 points (90+ days).
Source: Logistics data and supplier lead time commitments
Measured against industry benchmarks: 95% OTD and 99% quality score. Suppliers below benchmark are penalised proportionally. A supplier at 75% OTD contributes the full 10 points.
Source: Supplier scorecards, ERP delivery data
Composite scores map to five grades. Thresholds are calibrated so that a node with no special risk factors scores in the Low band, and a single-source node in a high-risk country with poor performance reaches Critical automatically.
Well-diversified, stable, high-performing. Standard monitoring cadence.
Minor concerns, manageable exposure. Quarterly review recommended.
Notable risks present. Active mitigation plan recommended.
Significant exposure. Immediate mitigation action required.
Unacceptable risk. Executive escalation and urgent intervention required.
TSMC (Taiwan Semiconductor) — the highest-risk node in our example supply chain.
Note: Even with excellent OTD (97.2%), the combination of Taiwan geopolitical exposure, single-source status, 90-day lead time, and high country risk drives this node to Critical. This is the correct result — operational performance does not offset structural risk.
Load the pre-built global electronics example to see composite risk scores calculated live across a 16-node, 15-route supply chain.
Open the Map →