Bitsight firmly believes that integrity is the mark of a true security ratings authority.

We have led the charge in creating a rating system and approach that is entirely transparent to the market. As an organization, we are proud of our independence and objectivity and are committed to applying our process consistently and uniformly.

We have led the charge in creating a rating system and approach that is entirely transparent to the market. As an organization, we are proud of our independence and objectivity and are committed to applying our process consistently and uniformly.

Bitsight is committed to creating trustworthy, data-driven, and dynamic measurements of organizational cybersecurity performance derived from objective, verifiable information. To reinforce this belief, Bitsight established the guidelines for responsible development of security ratings. In 2017, Bitsight helped create the "Principles for Fair and Accurate Security Ratings,” (PDF) a series of practices developed alongside some of the world’s largest and most risk-focused companies. These Principles affirm the critical role of security ratings in society and the important responsibility that Bitsight holds in creating these measurements. Learn more

Transparency
Accuracy & validation
Independence
Dispute, correction & appeal
Model Governance
Confidentiality
Our commitment to transparency about methodology and data collection extends to all rated entities, not just our customers. From clearly illustrating how we develop asset maps, to what types of data we evaluate and incorporate into security ratings, organizations can be confident with what they see in Bitsight data.

Bitsight ratings are meaningful measurements of organizational security performance. We publish research highlighting our own analyses.  We are also the only the only security rating provider with third-party validation to how our ratings correlate with breaches and the stock performance of an organization. We can promise organizations only the most critical and high quality data is included in our rating, ensuring the results are actionable for customers and our audience.

Dive deeper into our accuracy promise and read more about the “Principles for Fair and Accurate Security Rating” here.

Trust that Bitsight ratings are independent of any external relationships when you get cybersecurity ratings from Bitsight. Commercial agreements do not have an impact on an organization’s rating.

While Bitsight is confident in the accuracy and objectivity of our security ratings, we believe that any organization, regardless of whether they are a Bitsight customer or not, should have a way to understand and dispute their rating.

With our Policy Review Board and defined steps for handling ratings disputes, organizations can trust Bitsight has their back in creating an accurate rating.

Bitsight regularly updates its rating methodology. This includes enhancing our statistical models with the addition of tens of thousands of companies to our inventory, and incorporating feedback from our customers. Furthermore, the Bitsight External Advisory Board -- comprised of public and private sector leaders -- provides advice and counsel on Bitsight ratings, methodologies, models, and their associated inputs and data, as well as improvements Bitsight can make to help organizations access, evaluate, and impact their ratings and associated data.

Bitsight believes strongly in data confidentiality. We abide by our Code of Conduct and our policy of Responsible Disclosure, as well as maintain a public view of our “Rights of Rated Organizations” to ensure organizations are protected and given fair access to their data.