
Responsible Disclosure Policy

Introduction

To maintain the integrity of its Security Ratings and industry research, BitSight Technologies follows a strict code of conduct, as outlined below:

  • Provide transparency about the security ratings process.
  • Standardize treatment for customers and non-customers.
  • Practice responsible disclosure, including not sharing sensitive information with other companies without authorization.
  • Provide a formal ratings appeals process, including access to an independent ombudsman.
  • Accept payment only from the company purchasing a rating, not the company being rated (although a company can buy its own rating).
  • Facilitate participation and engagement with standards bodies and regulators.

Ombudsman Process

A trusted ratings firm must offer a formal appeals process and an independent third party verifying that the appeals process is fair and unbiased. Organizations may wonder whether BitSight Security Ratings are applied consistently and uniformly across all companies. While we are confident in the quality of our data, we believe that any organization using BitSight Security Ratings should have a way to properly dispute its ratings. The BitSight ombudsman reviews issues of accuracy, fairness, and balance regarding BitSight Security Ratings. The ombudsman recommends approaches to address any issue and update BitSight data or processes as necessary via a formal appeals process. For more information, see https://www.bitsighttech.com/ombudsman.

Last updated: April 28, 2017
Reviewed: Annually
