BitSight Technologies, Inc. Responsible Disclosure Policy

To maintain the integrity of the Bitsight Technologies, Inc. (“Bitsight”) security ratings products and services (the “Security Ratings”) and industry research, Bitsight follows principled guidelines, as outlined below:

  • Provide transparency about the security ratings process.
  • Standardize treatment for customers and noncustomers.
  • Practice responsible disclosure in how we share ratings.
  • Provide a process for appealing ratings content (for customers and noncustomers), including escalation to Bitsight’s Policy Review Board.
  • Enable any rated organization (including noncustomers) to get access to their rating details pursuant to Bitsight’s terms and conditions found here: https://service.bitsighttech.com/accounts/tos/ (the “Bitsight Terms”).
  • Facilitate participation and engagement with standards bodies, regulators and governmental bodies; Bitsight is a signatory to the Principles for Fair and Accurate Security Ratings.

Bitsight firmly believes that integrity is the mark of a true security ratings authority.

We believe in providing transparency about our ratings and we provide information in our portal about how ratings are calculated (i.e. which risk vectors were considered and their relative weighting) in our Knowledge Base. When we change our algorithms, we provide advance notice and demonstrate how such change will impact ratings.

We treat customers and noncustomers the same: our algorithms do not take into account whether an entity is a customer or not. In addition, we provide free access to our ratings for a limited period of time to all rated entities that have agreed to the Bitsight Terms, and we will work with any rated entity to address concerns about its rating, regardless of whether it is a paying customer.

We do not initiate public discussions about specific ratings of individual companies via public forums (e.g. news outlets, industry events, etc.). We do provide valuable insight into security through aggregate and industry trends.

We believe that any organization using Bitsight Security Ratings should have a way to dispute its ratings formally if it believes its Bitsight rating does not accurately reflect its security posture. Bitsight has a Policy Review Board that reviews issues of transparency, fairness, and balance regarding Bitsight Security Ratings. For more information, see our Trusted Ratings page https://www.bitsight.com/security-ratings/trusted-ratings, which provides Bitsight’s Dispute, Correction, and Appeal process.

We also believe that responsible disclosure includes collaboration and sharing of information with law enforcement and governmental organizations and we offer our Sovereign Ratings product to help support these goals.

Last updated: September 19, 2022
Reviewed: Annually