Rimpact (Relative Impact) is a metric for estimating the impact of a technical cybersecurity vulnerability, taking into account business logic and the relationships between system components.

| Rimpact – Relative Impact | CVSS 3.1 – Absolute Impact |
| --- | --- |
| The same technical vulnerabilities in different contexts have different scores | The same technical vulnerabilities in different contexts have the same scores |
| Justifies the final score using business language | Justifies the final score using technical language |
| A strict linear formula from the pen test results | A strict linear formula from the pen test results |
| Defines business urgency to fix vulnerabilities | Defines SLAs to fix vulnerabilities |

Both metrics are distinct, independent, and work best when used together. LSCP uses CVSS 3.1 when reporting penetration test results to technical people, and Rimpact when reporting penetration test results to management.
