Skip to main content

Issue Resolution Process

dave herder
  • Updated

In this article:

    How to Resolve Issues in SecurityScorecard

    Any rated organization has the right to dispute information on their SecurityScorecard Security Rating and provide clarifying information for consideration. SecurityScorecard has three resolution types:

    1. Dispute - The company provides evidence that the identified risk/finding was incorrectly associated with their Scorecard and should be removed from the company’s record.
    2. Correction - The company provides clarifying data about a compensating control that is in place which is not visible to our non-intrusive, outside-in view.
    3. Appeal - The company resolved the risk and the issue should be removed from the company’s Scorecard.

    Step by Step Guide

    How do I remove issues or IPs on my Scorecard?

    Step 1

    Identify the issue or IP/domain that you want to dispute, correct, or appeal.

    To identify the issue you want removed:

    • Go to My Scorecard
    • Select the specific issue on the Issues Tab
    • Select one or multiple vulnerabilities related to the same issue

    To identify the IP/domain you want removed:

    • Go to My Scorecard
    • Go to the Digital Footprint Tab
    • Select one or multiple IPs/domains

    Step 2

    Select the reason you want the Issue or IP/domain removed from your Scorecard

    To select the reason you want a specific issue removed:

    • Hit Resolve and select one of four resolution reasons:
      • I have fixed this
      • I have a compensating control
      • This is not my IP or domain
      • I cannot reproduce this issue and I think it’s incorrect

    mceclip0.png

    To select the reason you want a specific IP removed:

    • Hit Remove and select one of four reasons
      • These IPs are not mine
      • These IPs are associated with a domain that is not mine

    Screen_Shot_2022-04-20_at_8.23.49_AM.png

    Step 3 (Optional)

    Users have the ability to add private or public comments to any issue on their Scorecard.

    To add a private or public comment on an issue:

    • Go to My Scorecard
    • Select the specific issue on the Issues Tab
    • Select add a comment
    • Choose from five pre-canned comments or create a custom comment
    • Make the comment public or private (Public custom comments go through a short approval process before they are added to the Scorecard)

    Access additional information on Commenting here.

    mceclip1.png
    Commenting

    What happens next?

    SecurityScorecard reviews each submitted dispute and associated supporting evidence and, if warranted, corrects and updates the scorecard. A challenge or resolution is either accepted or denied within 48-hours on average. If accepted, the Scorecard is then updated between 48-72 hours.

    Audit Log Visibility

    Users have visibility into the status of each issue that was submitted for review. The categories include:

    • Open, Under Review, Resolved, Declined, and Decayed

    mceclip2.png

    Have additional questions? Please reach out via support.securityscorecard.com

    Related articles