BitSight believes that security ratings help address one of the greatest risks facing our society over the next century. BitSight was founded with the goal of increasing transparency about cybersecurity, enabling dynamic, informed interactions between global market participants and incentivizing a more trustworthy and secure global ecosystem.
BitSight is committed to creating trustworthy, data-driven, and dynamic measurements of organizational cybersecurity performance derived from objective, verifiable information. As an organization, we are proud of our independence and objectivity and are committed to applying our process consistently and uniformly.
As the pioneer of the security ratings industry, BitSight established the guidelines for responsible development of security ratings. In 2017, BitSight helped create the “Principles for Fair and Accurate Security Ratings,” a series of practices developed alongside some of the world’s largest and most risk-focused companies. These Principles affirm the critical role of security ratings in society and the important responsibility that BitSight holds in creating these measurements.
BitSight is transparent with all organizations about our methodology and data collection. From clearly illustrating how we develop asset maps, to what types of data we evaluate and incorporate into security ratings, we are committed to being transparent with our customers and rated organizations about how we derive our ratings.
BitSight publishes research on the accuracy of our security ratings. We are also proud to be the only security rating company with third-party validation of how our ratings correlate to breaches, and we incorporate only the most critical, high-quality data into security ratings to ensure the results are actionable for customers.
Independence is a hallmark of BitSight. Commercial agreements do not have direct impact on an organization’s rating.
While BitSight is confident in the accuracy and objectivity of our security ratings, we believe that any organization, regardless of whether they are a BitSight customer or not, should have a way to understand and dispute their rating.
BitSight updates the ratings methodology once a year, enhancing our statistical models based on the addition of tens of thousands of companies to our inventory and on feedback from our customers.
BitSight firmly believes that integrity is the mark of a true security ratings authority.
To maintain the integrity of its Security Ratings and industry research, BitSight follows a strict code of conduct, as outlined below:
Provide transparency about the security ratings process.
Standardize treatment for customers and noncustomers.
Practice responsible disclosure in how we share ratings.
Provide a process for appealing ratings content (for customers and noncustomers), including access to an independent ombudsman.
Enable any rated organization (including noncustomers) to get access to their rating details.
Facilitate participation and engagement with standards bodies, regulators and governmental bodies; BitSight is a signatory to the Principles for Fair and Accurate Security Ratings.