New governing board advances industry best practices for ratings algorithm evolution and dispute resolution process
BOSTON — November 18, 2020 — BitSight, the Standard in Security Ratings, today announced the creation of the BitSight Policy Review Board (PRB), a governing body responsible for overseeing the company’s security ratings algorithm, developing and adjudicating the dispute resolution process, and publishing critical decisions about changes to BitSight’s ratings methodology. This industry-leading initiative demonstrates BitSight’s ongoing commitment to upholding the Principles for Fair and Accurate Security Ratings and providing unsurpassed transparency into ratings decisions.
“As the creator of the Security Ratings category, BitSight has always believed that transparency creates trust,” said Steve Harvey, BitSight CEO. “BitSight Security Ratings are trusted by the global marketplace because of the rigor of our process, the accuracy of our ratings, and the breadth of security performance insights we provide. With the creation of the Policy Review Board and publication of key decisions, we provide unparalleled insight into the methodologies and decisions that underpin our ratings framework.”
The Policy Review Board consists of nine senior leaders across BitSight whose primary roles are independent from the company’s commercial functions in order to maintain commercial independence. Notable board members include BitSight CEO Steve Harvey, Co-founder and CTO Stephen Boyer, General Counsel Elizabeth Fischer and other department heads.
The Policy Review Board is another innovation that allows BitSight to continue curating the highest quality and most accurate security ratings in the industry. BitSight’s algorithms are closely monitored and updated based on customer feedback, guidance from industry experts, company research, and the evolving threat landscape and security best practices. The Policy Review Board will now lead BitSight’s internal review and approval of proposed changes to the BitSight algorithm.
As always, BitSight remains committed to providing every organization insight into its own security performance free of charge. Any rated organization is given the opportunity to challenge the assets, findings, and interpretation of those findings used to determine a BitSight Security Rating and to provide corrected or clarifying data. Organizations may also dispute evaluation methodology or how their rating has been calculated. The Policy Review Board now leads the development and oversight of the dispute resolution process and publishes summaries of its decisions on a periodic basis.
With a strong commitment to transparency, BitSight has earned the trust of over 2,100 organizations, including 20 percent of the world’s governments to protect national security and more than 30 insurance carriers who collectively underwrite 50 percent of the world’s cyber insurance policies.
BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third-party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog or follow @BitSight on Twitter.