Introducing the Data-to-Rating Framework

A methodology for turning public digital evidence into structured judgment

AT Worthy is publishing the Data-to-Rating Framework, or D2R, as a methodological foundation for a new generation of evidence-based ratings.

D2R addresses a practical question that is becoming central to digital trust: how can publicly available data be transformed into credible, comparable, and contestable assessments?

Organizations, public authorities, platforms, vendors, and jurisdictions now leave extensive digital traces. Websites, public registries, service portals, policy disclosures, procurement notices, app listings, public repositories, review environments, technical interfaces, dashboards, and machine-readable records all reveal fragments of institutional behavior. These traces do not reveal everything. They do not replace audits, inspections, interviews, or privileged access to internal records. But in many domains, they provide enough observable evidence to support structured external judgment when handled with methodological discipline.

That is the purpose of D2R.

D2R is not web scraping. It is not a popularity ranking. It is not a black-box score. It is a public-data methodology for converting observable evidence into signals, features, indicators, scores, ratings, confidence levels, and governed interpretation.

Why this matters now

Many assessment systems were designed for an older evidence environment. If an assessor wanted to understand an organization, a product, or a public institution, the starting point was often a questionnaire, site visit, interview, audit file, or voluntary disclosure.

Those tools remain necessary. In high-stakes contexts, no responsible methodology should pretend that public data can reveal all internal controls, operational practices, legal compliance, security posture, or governance effectiveness.

But the evidence environment has changed.

Digital systems constantly produce public traces. Software projects expose code, dependencies, releases, issue histories, configuration files, security signals, and software bills of materials. Public agencies publish service portals, AI use case inventories, consultation channels, open-data catalogs, and digital service records. Companies reveal aspects of their governance, transparency, accessibility, customer experience, and technical posture through public-facing systems and disclosures.

The problem is no longer only access to information. The problem is interpretation.

What should count as evidence? Which public signals are strong and which are weak? How should a methodology distinguish a polished statement from an operational artifact? How should a rating separate low performance from low confidence? How can a user challenge stale, incorrect, or misattributed evidence?

D2R was created to answer these questions.

What D2R does

The Data-to-Rating Framework defines a disciplined chain from public evidence to structured judgment.

First, a construct is defined. The methodology must state what is being assessed and what is excluded.

Second, a public evidence perimeter is established. This identifies which public sources are admissible, lawful, relevant, and within scope.

Third, public data is collected, recorded, and versioned.

Fourth, data is qualified as signals only when it is relevant to the construct.

Fifth, features are extracted from those signals.

Sixth, features are mapped to indicators and dimensions.

Seventh, scores are produced through documented rules.

Eighth, scores are translated into ratings or other user-facing categories.

Ninth, confidence is assigned.

Finally, the result is governed through evidence traceability, human review, methodology versioning, and correction pathways.

This chain matters because a rating should not appear as an unsupported symbol. A serious rating must carry an evidence lineage. It should be possible to understand what was assessed, which public sources were used, how recent the evidence was, how strong the inference is, and what limitations attach to the result.

Public evidence is not all equal

A central principle of D2R is that public evidence has different strength.

A public claim is not the same as a structured disclosure. A structured disclosure is not the same as an operational artifact. An operational artifact is not the same as repeated behavior observed over time. Corroborated public evidence across independent sources is stronger than an isolated statement.

This distinction protects assessment from superficial scoring. Many entities can publish commitments. Fewer can maintain visible systems, records, channels, repositories, inventories, interfaces, or correction patterns that demonstrate implementation over time.

D2R therefore evaluates public evidence according to its interpretive strength, recency, provenance, attribution, corroboration, and resistance to manipulation.

Confidence is not optional

One of the most important features of D2R is the separation between score and confidence.

A low score with high confidence is different from a low-confidence assessment. A strong negative finding may be supported by current, corroborated evidence. A weak finding may reflect missing, stale, inconsistent, or ambiguous evidence.

No observable evidence is also different from proven failure. In some transparency assessments, silence may itself be meaningful. In other domains, silence may simply mean that the available public evidence is insufficient.

D2R treats confidence as part of the assessment, not as a footnote.

This is essential for responsible public-data ratings. Without confidence, public-data assessment can create false precision. With confidence, users can distinguish what the evidence shows, what it suggests, and what it cannot support.

D2R and AT Worthy

D2R strengthens the methodological foundation of AT Worthy's work.

Digital Worthiness assesses whether a digital experience, service, organization, or institution is worthy of trust, use, and recommendation.

AI Worthiness assesses whether an AI product, vendor, organization, or ecosystem is useful, trustworthy, governable, and appropriate for responsible adoption.

D2R explains how public evidence can support these assessments.

It provides a disciplined process for moving from observable data to structured judgment. It also establishes safeguards around confidence, evidence traceability, human review, and contestability.

In practical terms, D2R helps AT Worthy build ratings that are more transparent, more scalable, more updateable, and more defensible.

Not a replacement for audit

D2R should not be misunderstood as a replacement for audits, inspections, certifications, or questionnaire-based assessments.

Its role is complementary.

Audits and inspections remain necessary where internal controls, confidential records, legal assurance, professional verification, or non-public evidence are required. Questionnaires remain useful where public evidence is incomplete and direct clarification is needed.

D2R changes the sequence. Instead of beginning only with self-reporting, it begins with public observation. Questions, audits, and deeper reviews can then focus on evidence gaps, conflicts, internal verification, and high-stakes interpretation.

This makes assessment more efficient without making it less serious.

A framework for continuous assessment

D2R is especially relevant in fast-moving domains.

Digital services change. AI tools evolve. Public policies are updated. Software dependencies shift. Vendors revise their documentation. Public agencies publish new inventories. Service interfaces appear, disappear, or degrade. Incident communications, procurement notices, and public repositories can change the evidence picture quickly.

A static rating cannot fully capture this environment.

D2R supports continuous or near-continuous assessment by making public evidence refreshable, versioned, and event-triggered. A new disclosure, public policy update, repository change, service modification, incident notice, or correction can trigger reassessment.

This does not mean that ratings should change automatically without human control. It means the evidence layer can become dynamic while judgment remains governed.

A disciplined path from data to trust

The promise of D2R is not that public data can tell us everything. It cannot.

The promise is that, where relevant qualities leave observable traces, public data can be converted into structured judgment through a disciplined method.

That method must define the construct, qualify the evidence, extract signals carefully, document the scoring logic, assign confidence, preserve human authority, and allow correction.

This is the difference between arbitrary scoring and responsible rating.

AT Worthy is publishing the Data-to-Rating Framework because the future of assessment will require more than periodic questionnaires and opaque rankings. It will require public-evidence systems that are transparent, updateable, contestable, and governed.

D2R is AT Worthy's contribution to that future.