StaffGrid Methodology — The Compliance Transparency Index
The Compliance Transparency Index (CTI) is a score from 0 to 100 that measures what a software vendor publicly documents about how it handles security, pricing, customer data, and corporate legitimacy. We score every tool in the StaffGrid directory (80 tools) using the same rubric.
The Four Components
Security — 40 points
- SOC 2 Type II certification — 10 points
- GDPR compliance documentation — 10 points
- SSO/SAML support — 10 points
- Published data retention policy — 10 points
Pricing — 25 points
- Public pricing page with specific dollar amounts — 15 points
- Free trial or free tier — 10 points
Data Rights — 20 points
- Output ownership clearly assigned to the customer — 5 points
- Training opt-out documented — 5 points
- Data export available — 5 points
- Data deletion procedure documented — 5 points
Legitimacy — 15 points
- Founded year disclosed — 5 points
- HQ location disclosed — 5 points
- Integration ecosystem documented — 5 points
Grades
- A: 85 points or higher
- B: 70 to 84 points
- C: 50 to 69 points
- D: below 50 points
What a Low Score Means
A low CTI score does not mean a tool is bad. It means the vendor has not made key procurement information publicly available. Vendors who disagree with their score can submit corrections through the Vendor Verified workflow; we update scores when we can verify the correction against public sources.
Verification
Every score is verifiable. Source URLs and verification dates are recorded on each review page. We re-verify on a rolling cadence and update scores when vendor documentation changes.