Cybersecurity and Privacy at SecurityScorecard

SecurityScorecard takes the security and protection of client data and information as paramount in ensuring that confidential client information is protected. This statement is provided as a summary of certain practices relating to information security that are undertaken.

SecurityScorecard security requirements supplement any, and applicable local regulatory requirements, including, but not limited to, data protection and privacy.  

SecurityScorecard has in place commercially accepted standards of physical and IT technology security to prevent information / data loss, damage to data, alteration of data or it’s destruction.

SecurityScorecard follows generally accepted standards and procedures to deal with Cybersecurity threats and risks for the territories in which they operate.  SecurityScorecard utilizes the Cybersecurity Capability Maturity Model (C2M2) and Building Security-In Maturity Model (BSIMM) to assess and measure its progress toward these industry best practices.

Access to data is only available to authorised individuals and is controlled and monitored to maintain safety and confidentiality. Employees are educated to limit the potential of them inadvertently compromising information security.

SecurityScorecard agrees to comply with a set of core IT security standards across a range of key areas of IT controls. SecurityScorecard IT / CyberSecurity areas:

  • Security Policies
  • Access Control
  • Virus Control
  • Personal Computer Operating Systems
  • Server and Network Maintenance

  • Employee Training
  • Backup
  • Disaster Recovery Planning
  • Incident Response
  • System Hardening

SecurityScorecard is committed to consistent reassessment of its policies and practices and adjusting implementation where applicable.

Privacy is very important to SecurityScorecard. On May 25, 2018, the General Data Protection Regulation (“GDPR”) of the European Parliament took effect, restricting the processing of personal data of individuals within the European Union by companies established in the European Union or who offer goods or services to or monitor the behavior of individuals within the European Union. SecurityScorecard has analyzed its operations in light of these standards and has determined that its operations do not fall into any of these categories and that its operations fall outside GDPR’s coverage.

Nonetheless, because privacy is so important to SecurityScorecard and its clients, SecurityScorecard has decided to voluntarily adopt relevant components of GDPR into a privacy compliance program designed to protect data of SecurityScorecard and its clients concerning individuals in the EU. SecurityScorecard kicked off its program as of Spring 2018 and has since formally blended GDPR standards into its policies, procedures, and operations.  For the details of this program, please contact us at [email protected]

SecurityScorecard is compliant with major privacy, security and regulatory frameworks across the US and globally.

Report Suspicious Behavior

Help us combat improper or unethical use of SecurityScorecard’s products or services. If something is wrong, tell us, so that we can investigate.

If you know of or suspect suspicious activity related to SecurityScorecard’s products or services, report it to us using this form in addition to your own IT or security team. Please describe the potential issue in as much detail as possible, so that our team can respond appropriately.


Thanks for submitting an issue. Our team will investigate and follow up with you at the email address provided.

Thanks for submitting a report request. Our team will follow up with you at the email address provided.


SOC 2 Type I controls over security, availability, and confidentiality.

SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA’s) existing Trust Services principles and criteria. The purpose of the SOC 2 report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, and confidentiality or privacy.

SecurityScorecard underwent a third-party audit to certify our ratings platform against this standard. We have successfully completed the SOC 2 Type 1 audit and now have a formal report attesting to our compliance available for download. Please use this form to request your copy today