Updated - February 15, 2016
Got Trust? The Online Trust Audit continues to serve as a benchmark of security, privacy and consumer protection best practices for organizations throughout the world. Consistent with OTA's view that such standards and practices need to continually evolve to reflect the threat landscape, new standards and regulatory requirements, this year's methodology and scoring are being updated.
Initial changes for the 2016 methodology have focused on two primary areas: adoption of current SSL standards and the global privacy landscape. These changes have already been applied to the 2016 Presidential Candidates audit and to the planned upcoming eFile audit. As with the methodology updates made each year, the SSL tools have been enhanced to reflect compliance with current standards and protocols, while placing increased weighting on the exposure of known vulnerabilities and risks.
Through a multi-stakeholder review process, the working group agreed to "raise the bar". Starting in 2016, sites with an SSL score of C will automatically receive a failing grade in security, resulting in an overall audit fail. This change was necessary because the primary causes of C grades are typically easy to address, and a site with such a score should not be considered in the same mix as those sites qualifying for the Honor Roll with A or B SSL scores.
Make a commitment and move from compliance to stewardship. To see if your site and brand are postured to qualify for the 2016 Honor Roll, visit the Online Trust Audit Methodology. Share your comments and help enhance data protection and drive responsible privacy and data collection practices.