You will see the controls that matter most to a regulator and the controls that matter most to a CISO, scored separately.
The instrument is open and the scoring algorithm is published. Where two of your team disagree, the methodology shows why.
The scoring sheet has been run on 90 vendors. Aggregate findings are published quarterly with vendor names anonymised.