In this article:
How to Resolve Issues in SecurityScorecard
Any rated organization has the right to dispute information on their SecurityScorecard Security Rating and provide clarifying information for consideration. SecurityScorecard has three resolution types:
- Dispute - The company provides evidence that the identified risk/finding was incorrectly associated with their Scorecard and should be removed from the company’s record.
- Correction - The company provides clarifying data about a compensating control that is in place which is not visible to our non-intrusive, outside-in view.
- Appeal - The company resolved the risk and the issue should be removed from the company’s Scorecard.
Step by Step Guide
How do I remove issues or IPs on my Scorecard?
Step 1
Identify the issue or IP/domain that you want to dispute, correct, or appeal.
To identify the issue you want removed:
- Go to My Scorecard
- Select the specific issue on the Issues Tab
- Select one or multiple vulnerabilities related to the same issue
To identify the IP/domain you want removed:
- Go to My Scorecard
- Go to the Digital Footprint Tab
- Select one or multiple IPs/domains
Step 2
Select the reason you want the Issue or IP/domain removed from your Scorecard
To select the reason you want a specific issue removed:
- Hit Resolve and select one of four resolution reasons:
- I have fixed this
- I have a compensating control
- This is not my IP or domain
- I cannot reproduce this issue and I think it’s incorrect
To select the reason you want a specific IP removed:
- Hit Remove and select one of four reasons
- These IPs are not mine
- These IPs are associated with a domain that is not mine
Step 3 (Optional)
Users have the ability to add private or public comments to any issue on their Scorecard.
To add a private or public comment on an issue:
- Go to My Scorecard
- Select the specific issue on the Issues Tab
- Select add a comment
- Choose from five pre-canned comments or create a custom comment
- Make the comment public or private (Public custom comments go through a short approval process before they are added to the Scorecard)
Access additional information on Commenting here.
What happens next?
SecurityScorecard reviews each submitted dispute and associated supporting evidence and, if warranted, corrects and updates the scorecard. A challenge or resolution is either accepted or denied within 48-hours on average. If accepted, the Scorecard is then updated between 48-72 hours.
Audit Log Visibility
Users have visibility into the status of each issue that was submitted for review. The categories include:
- Open, Under Review, Resolved, Declined, and Decayed
Have additional questions? Please reach out via support.securityscorecard.com