Completing your Company Profile is quick and easy.
You can share non-confidential essential information about your security program right on your Scorecard. Now, more than ever, it is very common for organizations to assess each other’s security posture. By having a completed profile, you can show that your organization is taking cybersecurity seriously.
Best practices and tips
We encourage you to:
- Proactively publish security-related information to make it faster for other companies to assess your cybersecurity posture
- Publicly share curated details with the entire ecosystem to demonstrate that you are proactively engaging with your Scorecard
- Be more transparent to demonstrate that your organization is actively managing your IT security
- Attest to having stellar cybersecurity hygiene to increase the trustworthiness of your Scorecard
Complement your Scorecard with shared inside-out information to actively manage your security reputation.
Of course, we don’t want you to share anything that might be used against you and your assets by malicious actors. Please do not share any specifics around your defenses, only state that your defenses are up to date and rock solid.
If you have concerns about the information we are asking you to share, but still want to complete your Company Profile, please contact your Customer Success Manager.
Editing rights and visibility
How do I update a Company Profile?
- Users can only edit the Company Profile of their own organization
- Any User, Admin, and Designated Contact can submit, edit and remove content
- Users editing the profile need to attest to the validity of the content they submit as an employee of the organization that they represent
Who can see my Company Profile?
Content entered into your profile becomes visible to any company that has followed you in their Portfolio to perform continuous monitoring. Please note that if you choose to share contact information in the Team section, we will make those details available to users who monitor your Scorecard.
Your Company Profile consists of the following predefined Sections:
- Company Overview
- Security Statement
- Multi-Factor Authentication
- Third-Party Risk Compliance Frameworks
- Scorecard Comment
Company Overview
Describe your business. This helps users quickly understand what your company does.
This section also includes some useful data points about your company to help partners position you in your industry.
- Website: Official website
- Industry: Your industry
- Footprint: Size of your company’s digital footprint (# of IPs)
- Followers: # of companies following your company’s Scorecard
- Status: Your company’s activity status: Active or Inactive (Inactive = no login activity for 90 days)
We populate the above based on publicly available information that we have collected about your company. If you observe any discrepancies, please submit a ticket via our Support Portal at support.securityscorecard.com.
Team
Share contact information for key employees who manage your Scorecard. This helps your newest teammates get started more quickly.
Please note that if you choose to share contact information in the Team section, we will make those details available to users who monitor your Scorecard.
Security Statement
Give an overview of your company’s security posture. This demonstrates that you have good cybersecurity practices in place and helps you manage your perception within the SecurityScorecard ecosystem.
Multi-Factor Authentication
Share your Multi-Factor Authentication process for employees. This helps business partners understand security practices for employees that manage cloud-based confidential information.
Optional box: You also have the option to add text to the bottom of this section to elaborate on any further details that you may want to share.
Third-Party Risk Compliance Frameworks
Share the frameworks you rely on for third-party risk management. This helps your business partners better prepare for the assessment process.
Optional box: You also have the option to add text to the bottom of this section in case you use a framework that is not represented in our platform. Feel free to use this field to further elaborate on any other information.
Scorecard Comment
Write a comment to appear on your Scorecard. Use this to provide additional inside-out context for business partners assessing your Scorecard.
Your comment will appear on your Scorecard page above your factor-level scores and will be visible to any company that has followed you or has added your company to their Portfolio to perform continuous monitoring.
You can edit or remove your public comment at any time in the Company Profile section.
Examples of Comments:
Our security rating has been an A for the past 3 years. We actively engage with our rating/Scorecard to maintain our security hygiene to keep our business partners safe.
Our security rating has been stable at an A for the past year; however, we recently dropped to a B. We have a Score Plan in place to raise our rating, are actively remediating issues, and expect our rating to increase in the near future.
Our security rating has been stable at an A for the past year; however, we recently dropped to a B. This cybersecurity incident was not material even though it was detected by SecurityScorecard.
Step by Step Guide
To edit your organization's Company Profile
- Log in to your SecurityScorecard account
- Navigate to My Scorecard
- Select the Company Profile tab
- Add information to the different sections
Why are the contents of my Company Profile important?
Now, more than ever, it is very common for organizations to assess each other’s security posture. Proactively publishing security-related information makes it faster for other companies to assess your cybersecurity posture. Publicly sharing curated details with the entire ecosystem demonstrates that your company is proactively engaging with its Scorecard. Being more transparent increases the trustworthiness of your Scorecard and proves that you have stellar cybersecurity hygiene. Inside-out information will increase the security of the entire ecosystem, allowing us to make the world a safer place.
There is incorrect information featured on my Company Profile, what can I do?
This can happen because a publicly available piece of information that we have collected about your company might have been out of date. Please submit a ticket via our Support Portal at support.securityscorecard.com for help resolving these discrepancies.
Alternatively, the discrepancy could come from information that your company previously shared in your Company Profile. If you have previously filled out your profile, you can update the content in those fields yourself.
Who has access to the information I share?
Content entered into a Company Profile becomes publicly visible to any other company that has followed the company or added it to their Portfolio to perform continuous monitoring.
Who can add, edit, and remove content?
- Any Admin, Designated Contact, or User on their own Scorecard can edit the Company Profile
- Guest Users and Read-Only users cannot edit the Company Profile
Does the Company Profile affect my Score?
At the moment, the completeness of a Company Profile has no impact on Scorecards.
Can I view detailed information about the companies that are following me (Followers)?
SecurityScorecard takes data privacy seriously. We cannot share any information regarding follower details with the company whose Scorecard is being followed.