SecurityScorecard Releases Industry’s First Trust Portal - What This Really Means

By Jeff Aldorisio

Posted on Apr 30, 2019

SecurityScorecard today announced Trust, an online portal that focuses on providing viewers with visibility into how the SecurityScorecard platform works. In 2017, the U.S. Chamber of Commerce released the “Principles for Fair and Accurate Security Ratings.” Focused on six primary tenets, the “Principles for Fair and Accurate Security Ratings” established an industry-wide common approach to promoting quality, fairness, error resolution, and disclosure. Committed to these principles, SecurityScorecard’s “Trust” portal provides public information regarding the back-end processes while maintaining confidentiality.

Data Collection

Although wrapped into another tenet of the “Principles for Fair and Accurate Security Ratings,” data collection statistics provide insight into breadth and depth of scoring and monitoring. Security rating accuracy hinges on the amount of data collected - more data means stronger analytics.

The Trust portal continuously updates the number of companies we score and follow, along with the number of daily platform logins, to give instant insight into the strength of the sample size for our security ratings.

Transparency

Knowing the breadth of data only acts as the starting point to understanding security ratings. Transparency requires insight into the methodologies and findings that impact the scoring process.

Trust provides insight into weekly security issues gathered across more than 80 types as well as a month’s worth of historical security issues discovered. As part of SecurityScorecard’s commitment to transparency, Trust also details the way in which our scoring algorithm accounts for company size, understanding that smaller companies have a smaller attack surface.

Dispute, Correlation, and Appeal

Best practices for security ratings require that companies be offered the right to challenge their ratings. With security ratings becoming a primary third-party vendor monitoring strategy as well as a consideration for other business decisions, a low security rating can lead to lost business opportunities.

Trust updates in near real-time to show the number of disputes, the number of compensating controls submitted to establish context, and the number of disputes remediated. SecurityScorecard’s Trust portal provides visibility into the low number of errors made when rating companies compared to the higher number of remediated security risks.

Accuracy and Validation

Ratings need to be data-driven and provide key performance indicators to prove governance over vendor risk management programs.

Trust provides easy-to-read, color-coded graphs quantifying security improvements for customers with engaged vendors.

Model Governance

When security ratings companies change their methodologies, they need to provide customers with reasonable notice, including the way in which the changes may impact existing ratings.

Trust details the current methodologies and the way in which SecurityScorecard notifies customers of changes, including emails, platform pop-ups, and white papers detailing the changes.

Independence

Best practices include maintaining data integrity and independence by providing all rated companies, including non-customers, with the opportunity to see and challenge their rating.

Trust provides all rated companies with information about how to contact SecurityScorecard so that they can challenge or obtain information about their rating.

Confidentiality

As part of the challenge or dispute process, sensitive information may be disclosed to a security ratings company.

Trust provides public information about how SecurityScorecard maintains data confidentiality and data security to ensure integrity.

SecurityScorecard’s Commitment to Fairness and Accuracy

Organizations increasingly rely on Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) vendors. Unfortunately, streamlining business operations increases cyber security risks.

SecurityScorecard’s security ratings enable organizations to scale and maintain data security protections with continuous monitoring over external threats to their own environments as well as their supply chain. SecurityScorecard believes that Trust is the way forward to securing data. Providing transparency over our data collection methodologies, resolution processes, and customer performance helps customers not only to trust our ratings but also to verify our commitment to the principles of fairness and accuracy while protecting confidentiality.
