Reston, VA – August 23, 2018 – The Online Trust Alliance (OTA), an Internet Society initiative with the mission to enhance online trust, today released the methodology for the forthcoming 2018 Online Trust Audit and Honor Roll. This marks the tenth consecutive year OTA has conducted its Online Trust Audit, which promotes responsible online privacy and data security practices, and recognizes leaders in the public and private sectors who have embraced them.
As the only comprehensive, independent online trust benchmark study, the OTA Online Trust Audit evaluates sites in three categories: consumer protection, site security and responsible privacy practices. Based on a composite weighted analysis, sites that score 80 percent or better overall, without failing in any one category, will be recognized in the Honor Roll. The Audit will analyze more than 1,000 consumer-facing websites including top online retailers, banks, consumer service sites, government agencies, news and media companies, as well as Internet Service Providers, mobile carriers, email providers and web hosters. New in 2018 will be an audit of the healthcare sector, which will include the top hospital networks, pharmacies, health insurance companies and testing labs.
The 2018 methodology incorporates input from leading companies, consumer groups, security professionals and associations who responded to OTA’s call for public comments, as well as generally accepted and deployed security standards. Data collection and evaluations will commence in late August and run through mid-September, with the report being published in mid-October.
“As noted in our most recent Cyber Incident & Breach Trends Report, there are a record number of cyberattacks on organizations,” said Jeff Wilbur, Technical Director of the Online Trust Alliance initiative at the Internet Society. “These attacks have a cascading impact on consumers which makes it essential for organizations to follow the latest security and privacy practices included in the Online Trust Audit criteria.”
Key changes to this year’s Audit include:
- Consumer Protection (email authentication, domain security and anti-phishing technologies) – more granular assessment of Domain-based Message Authentication, Reporting and Conformance (DMARC) support, and increased weight for use of opportunistic Transport Layer Security (TLS), which encrypts email between servers
- Site Security (site configuration, TLS/SSL infrastructure, presence of site vulnerabilities, observed malware, and related security and data protection enhancing controls) – increased weight for “HTTPS-everywhere” and elements such as patching cadence, application and network security, as well as bonus points for Certification Authority Authorization (CAA)
- Privacy (policies and practices including data retention, disclosures, user anonymity, third-party data sharing, opt-out mechanisms and observing sensitive data barriers) – increased weight for archived privacy policies, broader inclusion of settlements and breaches, and bonus points for support of General Data Protection Regulation (GDPR) language
The full 2018 Audit methodology is posted at https://otalliance.org/2018Methodology.
The Online Trust Alliance is an initiative within the Internet Society (ISOC), a global non-profit dedicated to ensuring the open development, evolution, and use of the Internet. OTA’s mission is to enhance online trust, user empowerment, and innovation through convening multi-stakeholder initiatives, developing and promoting best practices, ethical privacy practices, and data stewardship.