This article discusses how an organization would define a scoring policy and which scoring approach to use when securing their data.
Define a Policy
Scoring Approach