OpenScorecard — scoring for partners and business units
OpenScorecard evaluates partners, suppliers and business units across multiple levels — one platform, configurable scoring, self-service access for the evaluated side. Frameworks and questionnaires are configuration, not code. Apache 2.0, exit-ready, on-premise-capable.
Evaluation across multiple levels — partners and business units in one system. Anyone who has to evaluate suppliers, partners and internal units across multiple dimensions in a B2B context runs this today in separate tools and Excel worlds. OpenScorecard brings both onto one platform: the same evaluation mechanics, the same audit trail — plus a self-service access through which the evaluated side maintains its own data.
OpenScorecard is datatactics’ open-source evaluation platform — for partners, suppliers and business units that are evaluated, compared and tracked over time across multiple dimensions. Structured inputs — self-assessments, external ratings, maintained master data — become multi-dimensional, auditable scoring. Evaluation grids, questionnaires and scoring logic are configuration, not codebase. A new framework, a new self-assessment arrive without a release cycle. Business analysts maintain it; engineering doesn’t become the bottleneck.
Why one shared platform for partners and business units
The market sells evaluation in silos: one tool for supplier risk (TPRM), another for internal maturity and resilience assessment (GRC). Structurally both do the same thing — capture evaluation subjects, score them across multiple dimensions, track change, produce an audit trail. The separation grew organically, not from substance. Running both silos means maintaining master data twice, questionnaire logic twice, audit mechanics twice — and ending up with two islands that don’t talk to each other.
OpenScorecard is the shared answer: one component, one data model, one audit trail — for partners and business units on the same platform.
What OpenScorecard does
Evaluation across multiple levels. External partners and suppliers on one side, internal business units on the other — both as evaluation subjects in the same system, each with their own attribute set, relationships between them, multi-dimensional scoring and lifecycle status. Which level you evaluate is configuration of attributes and scoring rules, not new software.
Self-service for the evaluated side. Partners and business units get their own access with defined roles and rights, through which they maintain information about themselves — fill out self-assessments, deposit evidence, update master data. Evaluation isn’t a one-sided act over the heads of those evaluated, but a workflow in which the evaluated side participates in a structured way.
Multi-dimensional scoring, declarative. Not a single score per subject, but score vectors across multiple evaluation dimensions — comparable against each other, aggregatable, trackable over time. The scoring logic is declarative and low-code, maintainable by domain experts. Every score change carries user, timestamp and rationale.
Runtime-configurable questionnaires. New questions, answer logics, score mappings without a code deploy. A new evaluation grid — an industry standard, an internal maturity model, a regulatory requirement — is maintained directly by domain experts.
API-first. REST API with OpenAPI specification, OAuth2-authenticated. This makes OpenScorecard integrable into upstream processes — a new partner is created automatically on contract setup, BU structure changes propagate into the scoring logic, scores flow into downstream reports.
Continuous, not point-in-time. The platform scores continuously. External ratings, self-assessment updates, connected data sources flow in without anyone transferring them manually. Drift becomes visible, not first discovered at the next cutoff date.
Standalone-capable. OpenScorecard works on its own — self-assessments and maintained master data suffice for full scoring. Optionally connectable to an asset master or other data sources, if available, for enrichment at the asset level.
Use cases
- Partner and supplier evaluation — third-party risk across the entire supplier ecosystem, against freely configurable evaluation grids. The regulatory-driven variant (supply-chain compliance, third-party register) is just one evaluation grid among many here — see the case study for it.
- Business-unit evaluation — internal maturity and resilience scoring of multiple units against a shared grid, made comparable, with self-service participation by the units.
The data model also carries other evaluation subjects beyond this — the core case at datatactics is the evaluation of partners and business units in a B2B context.
In production
The first production implementation runs in a compliance program — as an evaluation platform for external IT suppliers and internal business units on the same component, with the same questionnaire mechanisms and the same audit architecture. The regulatory shape of this deployment is described in its own case study.
Open source and getting started
OpenScorecard runs on an Apache 2.0 runtime. No platform licenses, no vendor lock-ins, exit-ready in standard formats. You run on-premise or in any cloud — database, identity provider, data-source adapters are configurable, not prescribed. You can take the stack with you if you want to part ways with us. We operate and develop because you want us to — not because a license lock holds you.
Access runs through the Tactical Assessment: 30 minutes online, an experienced engineering lead listens and gives the assessment still in the call. If it fits, the architecture sprint closes with a validated implementation plan plus a fixed-price proposal for the engineering phase.
