OTA Announces Methodology for Ninth Annual Online Trust Audit


Criteria updated to reflect new security standards, responsible privacy practices, and globally accepted security and resiliency best practices


The Online Trust Alliance today released the methodology for the forthcoming 2017 Online Trust Audit and Honor Roll. This marks the ninth consecutive year OTA has conducted its Online Trust Audit report to drive awareness of responsible online privacy and data security practices, and recognize leaders in the public and private sectors who have embraced them.

As the only comprehensive, independent online trust benchmark study, the OTA Online Trust Audit evaluates websites in three categories: consumer protection, responsible privacy practices and security. Based on a composite weighted analysis, sites that score 80 percent or better overall, without failing in any one category, will be recognized in the Honor Roll. This study will analyze up to 1,000 consumer-facing websites including the Internet Retailer 500, top 100 FDIC banks, top 100 consumer service sites, government agencies, and top 100 news and media companies. In addition, the 2017 Audit includes a new category focused on Internet Service Providers, mobile carriers and email providers.

The 2017 methodology incorporates input from leading companies, consumer groups, security professionals and associations who responded to OTA’s call for public comment issued last September as well as generally accepted and deployed security standards. Data collection and evaluations will commence in late April running through mid-May, with the report being published in mid-June.

“As online trust continues to be undermined by criminal activities and increasingly common cyber incidents like ransomware, DDoS attacks and email compromises, now more than ever businesses need to adopt data security and privacy enhancing best practices,” said Craig Spiezle, Executive Director and President of the Online Trust Alliance. “The Online Trust Audit and Honor Roll recognizes those organizations that show exemplary commitment to consumer and data protection, underscoring the importance of meaningful self-regulation.”

The Online Trust Audit focuses on the three key pillars:

  • Consumer Protection - Email authentication, domain security and anti-phishing technologies.
  • Privacy - Policies and practices including data retention, disclosures, user anonymity, third-party data sharing, opt-out mechanisms and observing sensitive data barriers.
  • Security & Resiliency - Site configuration, Secure Sockets Layer (SSL) infrastructure, presence of site vulnerabilities, observed malware, and related security and data protection enhancing controls.

The Online Trust Audit has historically recognized those organizations that “walk the talk.” Announced in June 2016, the top 10 scoring sites of the 2016 OTA Audit were:
1. Twitter (twitter.com)
2. HealthCare.gov (healthcare.gov)
3. Pinterest (pinterest.com)
4. The White House (whitehouse.gov)
5. Dropbox (dropbox.com)
6. FileYourTaxes (fileyourtaxes.com)
7. LifeLock (lifelock.com)
8. Instagram (instagram.com)
9. 1040.com (1040.com)
10. The Gap (gap.com)

As the privacy and data security landscape continues to evolve, so do the methodology, criteria and scoring of the Online Trust Audit. Key changes in the 2017 methodology include more stringent scoring for server and SSL configurations, increased weighting of Domain-based Message Authentication, Reporting and Conformance (DMARC) records, and greater emphasis on privacy policy transparency, including the clarity of privacy policies, Do Not Track (DNT) disclosures and revision tracking of policy changes. Additional enhancements include evaluating sites’ capabilities to counter Domain Name System (DNS), Distributed Denial of Service (DDoS) and botnet attacks, whether sites offer a discoverable vulnerability reporting mechanism, and whether they have adopted multi-factor authentication to help counter unauthorized account takeover and password resets. The 2017 Audit methodology is posted at https://otalliance.org/2017Methodology.
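The DMARC criterion above is one a site owner can self-check before the audit window opens. The following is an added example, not OTA's tooling and not the published methodology: it parses `_dmarc` TXT records the way a resolver would return them, classifies how much enforcement each record actually delivers, and lists the gaps that weaken it (monitor-only policy, partial `pct=`, a weaker subdomain policy, no aggregate-report address). The domain names and records are constructed for the example, and the enforcement levels and findings are this example's own labels, not OTA's weighting.

```python
"""Classify DMARC enforcement from raw _dmarc TXT records (RFC 7489 tag syntax).

Added example for self-checking the audit's DMARC criterion. Not OTA code;
the level names and findings below are illustrative, not OTA's scoring.
"""
import re

# Constructed TXT answers for _dmarc.<domain>; these are not real domains.
SAMPLE_DMARC_TXT = {
    "reject.example": "v=DMARC1; p=reject; rua=mailto:dmarc@reject.example; pct=100",
    "quarantine.example": "v=DMARC1; p=quarantine; pct=25; sp=none; rua=mailto:r@quarantine.example",
    "monitor.example": "v=DMARC1; p=none; rua=mailto:r@monitor.example",
    "broken.example": "v=DMARC1 p=reject",  # missing ';' separator: not a valid record
    "nodmarc.example": None,                 # no TXT record published at all
}

POLICY_RANK = {"none": 0, "quarantine": 1, "reject": 2}


def parse_dmarc(txt):
    """Return a dict of lower-cased tag -> value, or None if the record is invalid.

    RFC 7489 requires 'v=DMARC1' to be the first tag and 'p=' to be present with
    one of none/quarantine/reject; anything else must be ignored by receivers,
    so this parser treats it as 'no record'.
    """
    if not txt:
        return None
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or not re.fullmatch(r"v\s*=\s*DMARC1", parts[0]):
        return None
    tags = {}
    for part in parts:
        if "=" not in part:
            return None
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("p", "").lower() not in POLICY_RANK:
        return None
    return tags


def enforcement_level(txt):
    """Map a record to: none | monitor | partial | quarantine | reject.

    'partial' means an enforcing policy that only applies to pct<100 of mail.
    An unparseable pct is treated as the RFC default of 100 (assumption).
    """
    tags = parse_dmarc(txt)
    if tags is None:
        return "none"
    policy = tags["p"].lower()
    if policy == "none":
        return "monitor"
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        return "partial"
    return policy


def weaknesses(txt):
    """List the gaps an auditor would flag in this record (illustrative labels)."""
    tags = parse_dmarc(txt)
    if tags is None:
        return ["no valid DMARC record"]
    findings = []
    policy = tags["p"].lower()
    if policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    pct = tags.get("pct")
    if pct is not None and pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    # sp= defaults to p= when absent; an explicit weaker sp leaves subdomains open.
    sp = tags.get("sp", policy).lower()
    if POLICY_RANK.get(sp, 0) < POLICY_RANK[policy]:
        findings.append(f"sp={sp} is weaker than p={policy}: subdomains can be spoofed")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are never received")
    return findings


def audit(records):
    """Run the classification over a {domain: txt} map, as a batch check would."""
    return {domain: enforcement_level(txt) for domain, txt in records.items()}


if __name__ == "__main__":
    for domain, level in audit(SAMPLE_DMARC_TXT).items():
        print(f"{domain:22s} {level:10s} {weaknesses(SAMPLE_DMARC_TXT[domain])}")
```

To run this against real domains, replace the constructed map with TXT lookups of `_dmarc.<domain>` (for example via `dig +short TXT _dmarc.example.com`); the classification logic is unchanged. Note that a record with `p=reject` but `pct=0` is effectively monitoring only, which is why the example ranks `pct` rather than trusting the policy tag alone.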

About OTA
The Online Trust Alliance (OTA) is a non-profit think tank with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. Its goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users' security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, and meaningful self-regulation and data stewardship. Its members and supporters include leaders spanning the public policy, technology, eCommerce, social networking, mobile, email and interactive marketing, financial, service provider, government agency and industry organization sectors. https://otalliance.org


Contact Author

Jaci Hendricks-Scott
@otalliance