How is the Compliance Score for Policies, Citations and Authority Documents being calculated?
a month ago
Dear experts,
I would like to understand how the score calculation and score roll-up work for the compliance score of Policies, Citations and Authority Documents.
a month ago
Hi @ChuanYanF ,
In GRC, compliance score represents how compliant an item is with respect to its associated requirements, tests, and evidence.
It is calculated bottom-up, meaning:
Citations (Control Objectives / Requirements)
A citation typically maps to one or more controls.
Each control may have one or more indicator results / tests (automated or manual).
A citation’s compliance score is based on the percentage of passed tests.
Citation Score = (Number of Passed Test Results ÷ Total Test Results) × 100
Authority Documents (Parent Layer)
Authority Documents (e.g., GDPR, ISO 27001) contain many citations.
The compliance score for the Authority Document is a roll-up of all associated citations.
Authority Document Score = Weighted Average of all Citation Scores
Weighting depends on configuration — by default, it is equal weighting.
Policies (Business-facing layer)
Policies can be mapped to authority documents and citations.
Their compliance score is a roll-up of the linked authority documents/citations.
This provides a business-level view: “How compliant is my organization with the policy?”
Policy Score = Weighted Average of linked Authority Document and/or Citation Scores
Please also refer to this link: https://www.servicenow.com/community/grc-forum/authority-document-compliance-score/m-p/1294557
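The bottom-up roll-up described in the answer above, written out as an added example (this is not code from the post or from ServiceNow GRC; the record names, test results and weights are constructed, and equal weighting is assumed as the default):

```javascript
// Added example, not code from the post or from ServiceNow GRC. It implements the
// bottom-up roll-up the answer describes; equal weighting is the assumed default.

// Score one citation from its test results (constructed sample: 'passed'/'failed').
// A citation with no test results returns null so it does not drag down the parent.
function citationScore(testResults) {
  if (testResults.length === 0) return null;
  const passed = testResults.filter((r) => r === 'passed').length;
  return (passed / testResults.length) * 100;
}

// Weighted average over [{ score, weight }]; unscored items (null) are skipped and
// a missing weight defaults to 1 (equal weighting).
function weightedAverage(items) {
  const scored = items.filter((i) => i.score !== null);
  const totalWeight = scored.reduce((s, i) => s + (i.weight ?? 1), 0);
  if (totalWeight === 0) return null;
  const sum = scored.reduce((s, i) => s + i.score * (i.weight ?? 1), 0);
  return sum / totalWeight;
}

// Authority Document = weighted average of its citation scores.
// citations: { name: { tests: [...], weight?: number } }
function authorityDocumentScore(citations) {
  return weightedAverage(
    Object.values(citations).map((c) => ({ score: citationScore(c.tests), weight: c.weight }))
  );
}

// Policy = weighted average of the linked Authority Document and/or citation scores.
function policyScore(linkedScores) {
  return weightedAverage(linkedScores);
}

// Constructed sample data (not real GRC records): three citations under one document.
const sampleDocument = {
  'Art. 32(1)(a)': { tests: ['passed', 'passed', 'failed', 'passed'] }, // 75
  'Art. 32(1)(b)': { tests: ['passed', 'failed'] },                     // 50
  'Art. 33':       { tests: [] },                                       // no evidence, excluded
};

const docScore = authorityDocumentScore(sampleDocument);                    // 62.5
const standalone = citationScore(['passed', 'passed', 'passed']);           // 100
const polScore = policyScore([{ score: docScore }, { score: standalone }]); // 81.25
console.log({ docScore, polScore });
```

Passing a weight per citation (for example `{ tests: [...], weight: 3 }`) changes the roll-up from the equal-weighting default, which is the configuration point the answer mentions.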