Responsible Disclosure Policy

    Introduction

    To maintain the integrity of its Security Ratings and industry research, BitSight Technologies follows a strict code of conduct, as outlined below:

    • Provide transparency about the security ratings process.
    • Standardize treatment for customers and non-customers.
    • Practice responsible disclosure, including not sharing sensitive information with other companies without authorization.
    • Provide a formal ratings appeals process, including access to an independent ombudsman.
    • Accept payment only from the company purchasing a rating, not the company being rated (although a company can buy its own rating).
    • Facilitate participation and engagement with standards bodies and regulators.

    Responsible Disclosure

    BitSight firmly believes that integrity is the mark of a true security ratings authority.

    BitSight does not share sensitive information (e.g. IP details or event forensics) with other companies without authorization, nor do we publicly discuss specific ratings of companies via public forums (e.g. news outlets, industry events, etc.). We believe that we can provide valuable insight into security posture through aggregate and industry trends. We do not believe in discussing companies publicly without consent, as this can pose a security risk to an organization. Transparency in the name of press coverage is irresponsible and counterproductive.

    BitSight’s forensic details provide customers with information about their own network: compromised IP addresses, malware server names, destination IP addresses, ports, host names, and more. BitSight will grant any third party (whether or not a customer) access to its own rating for a limited period of time at no cost.

    We also believe that responsible disclosure includes collaboration with law enforcement and governmental organizations in compliance with applicable law. 

    Ombudsman Process

    A trusted ratings firm must offer a formal appeals process and an independent third party verifying that the appeals process is fair and unbiased. Organizations may wonder whether BitSight Security Ratings are applied consistently and uniformly across all companies. While we are confident in the quality of our data, we believe that any organization using BitSight Security Ratings should have a way to properly dispute its ratings. The BitSight ombudsman reviews issues of accuracy, fairness, and balance regarding BitSight Security Ratings. Through the formal appeals process, the ombudsman recommends approaches to address any issue and to update BitSight data or processes as necessary. For more information, see https://www.bitsighttech.com/ombudsman.

    Last updated:  April 28, 2017
    Reviewed:  Annually
