Evidence-based score gain is a methodology that gives organizations a positive score adjustment when they upload valid documents to the Evidence Locker. It highlights the diligence and cyber hygiene measures organizations take.
Note: There is no negative impact on your score if you do not share any evidence.
Accepted evidence types
SecurityScorecard accepts the following documents:
- SOC 2 Type 1 or Type 2
- ISO 27001
- PCI DSS Level 1
- NIST 800-53
- SIG
- HIPAA (HDS is an acceptable alternative in France)
- Privacy policy
- Certificate of insurance
- Penetration test
Different types of evidence carry different weights, and the potential increase in score is capped at 100 points.
View score gain in the events log
Evidence-based score gain appears in the events log, as shown below.
Frequently asked questions
How do I upload to the Evidence Locker?
For step-by-step instructions, see Post evidence.
Does my score drop if I do not upload any evidence?
No. This feature rewards organizations for uploading evidence because it reflects good cyber hygiene. There is no penalty for not sharing documents.
How long does the score gain take to appear?
The positive score change takes up to 48 hours to appear in your overall score.
I uploaded a document, such as a SOC 2, but I do not see a score gain. Why?
Check that the document's validity dates have not expired. SecurityScorecard does not apply a score gain for expired documents.