The Forrester Wave™: Cybersecurity Risk Ratings Platforms, Q2 2024
Compliance and Regulatory Information
SecurityScorecard is trusted by public sector agencies, financial regulators, and industry groups. We’re committed to maintaining data privacy and compliance for our customers, partners, and vendors.
-
SOC 2
We have successfully completed AICPA SOC 2® examinations since March 31st, 2019 and we’re currently SOC 2 certified. If you’d like to see our SOC 2 documentation, please contact us.
-
Compliance with export regulations
We comply with applicable US and international laws and regulations on export controls.
-
Compliance with applicable privacy laws and regulations
SecurityScorecard is committed to the privacy of our customers and complying with all applicable privacy laws. We pick up signals non-intrusively about an organization’s digital footprint. For information please review our Privacy Policy.
-
About our systems
We do not maintain our own cloud servers. Instead we buy in-cloud computing services from other vendors, most notably AWS. We use AWS in the United States to process ratings data and store and process customer data.
Cooperation with regulators and trade organizations
-
NYDFS
The New York Department of Financial Services (NYDFS), uses our ratings to monitor its regulated entities
-
CSA
Cloud Security Alliance (CSA) members have access to a SecurityScorecard Enterprise License, which gives them the ability to benchmark themselves against the CSA Cloud Controls Matrix (CCM).
-
JCDC
SecurityScorecard has partnered with the Joint Cyber Defense Collaborative (JCDC) to share cyber threat information in defense of public and private critical infrastructure.
-
CSBS
The U.S. Conference of State Bank Supervisors (CSBS) provides state financial regulators with access to SecurityScorecard’s cybersecurity ratings platform and connected services.
-
CISA
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SecurityScorecard to its catalog of Free Cybersecurity Services and Tools.
-
DHS
SecurityScorecard’s Attack Surface Intelligence solution has been added to the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) Program’s approved products list (APL).
Active memberships
-
CYBER THREAT ALLIANCE
SecurityScorecard is an active member of the Cyber Threat Alliance
-
WEF
Part of the World Economic Forum’s (WEF) global innovators community.
-
ISACS
SecurityScorecard is proud to support 14 industry Information Sharing and Analysis Centers through our ISAC Partner Program.
