How we score virtual data rooms
Published Last updated
Every provider on Data Room Reviews earns its score the same way: 40+ criteria, five weighted categories, hands-on testing blended with verified user data, and no path for a vendor to buy a better result. This page explains exactly what we measure, how the weights work, and where the numbers come from, so you can judge the ranking on its merits rather than take it on trust.
The scoring model is owned by the Data Room Reviews editorial team and is applied identically to every product, including the ones we rank highest.
What we score, and why those five categories
We break a virtual data room down into five categories. Each one maps to a real question a buyer asks before signing a contract: is my data safe, can it run the deal, will my team actually use it, will someone answer when it breaks, and do I know what I am paying for. The weights below reflect how much each category tends to decide the outcome of a real project, not how easy it is to measure.
| Category | Weight | What it captures |
|---|---|---|
| Security and compliance | 30% | Encryption, access controls, certifications, audit trail, data residency |
| Deal and document features | 25% | Q&A, permissions granularity, bulk upload, redaction, reporting |
| Ease of use | 20% | Setup time, admin clarity, guest experience, mobile, search |
| Support and onboarding | 15% | Response times, channels, project management, documentation |
| Pricing transparency | 10% | Published pricing, trial terms, overage clarity, contract flexibility |
Security carries the most weight because a data room exists to protect confidential material during high-stakes transactions; a strong feature set cannot offset a weak permission model. Pricing transparency carries the least not because price is unimportant, but because a fair rank should reward the product itself, not just the provider that happened to publish a rate card.
The 40+ criteria in full
Inside each category sit the individual criteria we test and rate. The list is deliberately granular so that a single strong or weak feature moves the score by a defensible amount rather than swinging the whole verdict.
- Security and compliance: encryption at rest and in transit, granular document permissions, dynamic watermarking, view-only and no-download modes, remote shred or access revocation, two-factor authentication, single sign-on, IP and time restrictions, session timeouts, ISO 27001 certification, SOC 2 reporting, GDPR alignment, HIPAA support where health data applies, data residency options, and a tamper-evident audit trail.
- Deal and document features: structured Q&A with roles and routing, bulk and drag-and-drop upload, auto-indexing, full-text search, in-platform redaction, version control, folder templates, permission inheritance, expiry and retention rules, and activity or engagement reporting.
- Ease of use: time to first live room, admin console clarity, invite and guest-access flow, mobile and browser experience, search speed and accuracy, and bulk-permission handling.
- Support and onboarding: live channels offered, published response-time targets, assigned project management, 24/7 availability, migration help, and depth of self-serve documentation.
- Pricing transparency: whether pricing is published, trial availability and length, per-page or per-user overage clarity, month-to-month options, and how easy it is to get an exact quote.
Each criterion is rated on a 0 to 5 scale from primary evidence. A criterion scores 5 only when we have verified it ourselves or against provider documentation and independent user reports agree; a feature that exists on a spec sheet but fails in testing does not earn full marks.
How a raw score becomes a 0 to 10 rating
Criterion ratings roll up into a category percentage, the five category percentages are combined using the weights above, and the weighted result is expressed as a single 0 to 10 score shown on every review and comparison. The math is intentionally boring: no hidden bonuses, no editor’s thumb on the scale, no rounding that quietly favours one product.
A worked example: a provider that is excellent on security (28 of 30), strong on deal features (21 of 25), average on ease of use (13 of 20), good on support (12 of 15) and thin on pricing transparency (5 of 10) lands at 79 of 100, shown as 7.9. Change any input and the output moves predictably. Because the weights are fixed and public, two people scoring the same product from the same evidence should reach the same number.
Where the evidence comes from
Two independent inputs feed every score, and we keep them separate so one cannot quietly inflate the other.
- Hands-on testing. We create a live room in each product, upload a realistic document set, build permission groups, run a mock Q&A, export the audit log and pull current pricing. Those observations, dated and with screenshots, drive the criteria we can verify directly.
- Verified user data. We blend in aggregated ratings and written reviews from independent platforms such as G2 and Capterra, weighted toward recent, verified reviews. This catches the things a short test cannot: reliability over months, support quality on a bad day, and how the product holds up at scale.
Where our hands-on finding and the user data disagree, we say so in the review rather than average the tension away. First-hand experience settles anything we tested ourselves; user data settles longevity and support questions we cannot compress into one testing session.
No vendor pays for a better score
This is the line that matters most, so it gets its own section. No provider can pay for a higher score, a better rank, faster placement, or the removal of a documented con. Scores are set from evidence before any commercial conversation, and they do not change afterward.
We may earn a commission when a reader signs up with some providers through our links. That relationship funds the testing; it never touches the scoring model. Commercial links are labelled and kept to ranked and comparison surfaces, never woven into the analysis, and a product’s score is identical whether or not such a relationship exists. If a top-ranked product develops a real weakness, the score drops, commercial ties notwithstanding.
How often scores change
Virtual data rooms ship features and revise pricing constantly, so a stale score is a wrong score. We re-check the top-ranked products and any provider with a live pricing change monthly, and we run a full re-test of every product on the site at least twice a year. Every review and comparison carries a visible last-updated date so you can see how current the verdict is, and pricing always keeps the caveat that figures are indicative and should be confirmed with the provider.
If you believe a score is out of date or a criterion is mis-rated, tell us. The review process page explains exactly how we test and how to flag an error, and every correction we make is reflected in the next update.