The Internet Society's Online Trust Alliance Announces Methodology for Eleventh Online Trust Audit and Honor Roll

RESTON, Va., Sept. 25, 2019 /PRNewswire-PRWeb/ -- The Internet Society's Online Trust Alliance (OTA), which identifies and promotes security and privacy best practices that build consumer confidence in the Internet, today released the methodology for the forthcoming 2019 Online Trust Audit and Honor Roll. This marks the eleventh time OTA has conducted its Online Trust Audit, which promotes responsible online privacy and data security practices, and recognizes leaders in the public and private sectors who have embraced them.

As the only comprehensive, independent online trust benchmark study, the Online Trust Audit evaluates sites in three categories: consumer protection, site security and stated privacy practices. Based on a composite weighted analysis, sites that score 80 percent or better overall, without failing in any one category, will be recognized in the Honor Roll. The Audit will analyze more than 1,000 consumer-facing organizations including top online retailers, banks, consumer service sites, government agencies, news and media companies, Internet Service Providers, mobile carriers, email providers and web hosters, and healthcare companies. New in 2019 will be an audit of online retailers in Asia, Europe and Latin America.

The 2019 methodology incorporates input from leading companies, consumer groups, security professionals and associations, as well as generally accepted and deployed security standards. Data collection and evaluations will commence in late October and run through the end of November, with the report being published in January 2020.

"As highlighted in our recent Cyber Incident and Breach Trends Report, the number of cyber incidents continues to grow," said Jeff Wilbur, Technical Director of the Internet Society's Online Trust Alliance. "The vast majority of these incidents are preventable by following basic best practices, which we outline and assess in our Online Trust Audit. Organizations and their customers will both benefit from understanding and following these best practices."

Key changes to this year's Audit include:

    --  Consumer Protection (email authentication, anti-phishing, and domain
        security technologies) - increased weight for implementation of
        Domain-based Message Authentication, Reporting and Conformance (DMARC),
        and incorporation of opportunistic Transport Layer Security (TLS), which
        encrypts email between servers, into baseline (vs. bonus) scoring.
    --  Site Security (site configuration, TLS/SSL infrastructure, presence of
        site vulnerabilities, observed malware, and related security and data
        protection enhancing controls) - weight will be increased for
        "HTTPS-everywhere", and elements such as web security headers,
        application and network security, and software patching. Weight will be
        reduced for extended validation (EV) certificates.
    --  Privacy (stated policies and practices including data retention,
        disclosures, user anonymity, third-party data sharing, opt-out
        mechanisms and observing sensitive data barriers) - privacy statement
        assessment will make up the 100 baseline points while use of third-party
        trackers that share data inappropriately will reduce the baseline score.
        Data sharing language will be further segmented to provide more granular
        assessment. Do Not Track (DNT) will not be included in the assessment.
        Bonus points will be given for language following concepts included in
        new or upcoming privacy regulations such as General Data Protection
        Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

The full 2019 Audit methodology is posted at https://www.internetsociety.org/2019audit.

About the Internet Society's Online Trust Alliance (OTA)

The Internet Society's Online Trust Alliance (OTA) identifies and promotes security and privacy best practices that build consumer confidence in the Internet. Leading public and private organizations, vendors, researchers, and policymakers contribute to and follow OTA's guidance to help make online transactions safer and better protect users' data. The Internet Society is a global nonprofit dedicated to ensuring an open, globally connected, trustworthy, and secure Internet for everyone.

SOURCE Online Trust Alliance