Posted on Apr 30, 2019
SecurityScorecard today announced Trust, an online portal that focuses on providing viewers with visibility into how the SecurityScorecard platform works. In 2017, the U.S. Chamber of Commerce released the “Principles for Fair and Accurate Security Ratings.” Focused on six primary tenets, the “Principles for Fair and Accurate Security Ratings” established an industry-wide common approach to promoting quality, fairness, error resolution, and disclosure. Committed to these principles, SecurityScorecard’s “Trust” portal provides public information regarding the back-end processes while maintaining confidentiality.
Although wrapped into another tenet of the “Principles for Fair and Accurate Security Ratings,” data collection statistics provide insight into the breadth and depth of scoring and monitoring. Security rating accuracy hinges on the amount of data collected: more data means stronger analytics.
The Trust portal continuously updates the number of companies we score, the number we follow, and the number of daily platform logins, giving instant insight into the strength of the sample size behind our security ratings.
Knowing the breadth of data only acts as the starting point to understanding security ratings. Transparency requires insight into the methodologies and findings that impact the scoring process.
Trust provides insight into the security issues gathered each week across more than 80 issue types, as well as a month’s worth of historical security issues discovered. As part of SecurityScorecard’s commitment to transparency, Trust also details how our scoring algorithm accounts for company size, recognizing that smaller companies have a smaller attack surface.
Dispute, Correction, and Appeal
Best practices for security ratings require that companies be offered the right to challenge their ratings. With security ratings becoming a primary third-party vendor monitoring strategy as well as a consideration for other business decisions, a low security rating can lead to lost business opportunities.
Trust updates in near real-time to show the number of disputes, the number of compensating controls submitted to establish context, and the number of disputes remediated. SecurityScorecard’s Trust portal provides visibility into the low number of errors made when rating companies, compared with the far higher number of security risks remediated.
Accuracy and Validation
Ratings need to be data-driven and provide key performance indicators to prove governance over vendor risk management programs.
Trust provides easy-to-read, color-coded graphs quantifying security improvements for customers with engaged vendors.
When security ratings companies change their methodologies, they need to give customers reasonable notice, including an explanation of how the changes may affect existing ratings.
Trust details the current methodologies and how SecurityScorecard notifies customers of changes, including emails, platform pop-ups, and white papers describing the changes.
Best practices include maintaining data integrity and independence by providing all rated companies, including non-customers, with the opportunity to see and challenge their rating.
Trust provides all rated companies with information about how to contact SecurityScorecard so that they can challenge or obtain information about their rating.
As part of the challenge or dispute process, sensitive information may be disclosed to a security ratings company.
Trust provides public information about how SecurityScorecard maintains data confidentiality and data security to ensure integrity.
SecurityScorecard’s Commitment to Fairness and Accuracy
Organizations increasingly rely on Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) vendors. Unfortunately, streamlining business operations through these vendors also increases cybersecurity risk.
SecurityScorecard’s security ratings enable organizations to scale and maintain data security protections with continuous monitoring of external threats to their own environments as well as their supply chain. SecurityScorecard believes that Trust is the way forward to securing data. Providing transparency into our data collection methodologies, resolution processes, and customer performance helps customers not only trust our ratings but also verify our commitment to the principles of fairness and accuracy while protecting confidentiality.