SecurityScorecard is trusted by public sector agencies, financial regulators, and industry groups. We’re committed to maintaining data privacy and compliance for our customers, partners, and vendors.
Compliance and Regulatory Information
We have successfully completed AICPA SOC 2® examinations since March 31st, 2019 and we’re currently SOC 2 certified. If you’d like to see our SOC 2 documentation, please contact us.
Compliance with export regulations
We comply with applicable US and international laws and regulations on export controls.
Compliance with applicable privacy laws and regulations
About our systems
We do not maintain our own cloud servers. Instead, we buy cloud computing services from other vendors, most notably AWS. We use AWS in the United States to process ratings data and to store and process customer data.
Cooperation with regulators and trade organizations
SecurityScorecard’s Attack Surface Intelligence solution has been added to the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) Program’s approved products list (APL).
Ratings are non-intrusive. Data we collect is all publicly observable from the open Internet.
SecurityScorecard non-intrusively picks up signals about an organization’s digital footprint.
It scans the entire IPv4 web space and collects publicly observable data.