In this article:
Security ratings provide teams with the information needed to determine whether their vendors’ and their own security postures are positioned to proactively mitigate attacks. Teams typically require lengthy questionnaires or multiple conversations to gain insight into an organization’s security posture.
Security Scorecards public Scorecards remove those time-consuming steps by enabling any team to quickly gain critical insights into an organization's current security posture, from a simple Google search. They give teams a source of truth when they need it.
Public Scorecards create value in many ways:
- Easily claim your Scorecard from a simple Google search and remain in control of what the rest of the world sees regarding your security posture.
- Quickly build trust with prospects, customers, and business partners by providing discoverability and visibility.
- Help vendor risk managers, information security professionals, procurement teams, and cyber-insurers better understand organizational security hygiene.
What is a public Scorecard?
A public Scorecard is a condensed version of a Scorecard that anyone can search and view on the web without logging into the SecurityScorecard platform. It includes the following information:
- A description of the organization with some high-level data points
- The Scorecard grade
- Links to Scorecards for comparable organizations
- Explanations of our scoring process and measurements
The following example shows a full public Scorecard without the grade displayed:
The following example shows part of a public Scorecard with the grade displayed:
Find a public Scorecard
SecurityScorecard continuously scans the internet and adds new Scorecards. Currently more than 12 million Scorecards are publicly available.
In a web browser, search on the name of an organization. If a Scorecard for that organization is available, it appears in the search results as:
https://securityscorecard.com > security-rating > [organization-name]
Tip: To instantly link to any public Scorecard when you are browsing the web, install our Chrome Extension in seconds. The extension displays a SecurityScorecard badge for any organization that is referenced in your browser sessions. You can simply click the badge to see the public Scorecard.
Get the most out of your own public Scorecard
Use your own public Scorecard to showcase your organization’s cybersecurity health and build trust with your business partners.
Claim your Scorecard
If you do not have a SecurityScorecard account, click the link to claim it or to join SecurityScorecard, and sign up for a free account. Then you can learn about cybersecurity issues impacting your score and how you can remediate them to improve it.
Your public Scorecard status changes to Claimed, which indicates to others who view it that your organization is engaged in improving your cybersecurity posture.
Note: If your organization already has a SecurityScorecard subscription, the Scorecard status already appears as Claimed.
View other public Scorecards
Search for, and view, Scorecards for potential vendors, partners, or competitors to gain a quick view of their cybersecurity engagement.
If you do not have a SecurityScorecard account, click Get your Free Score, or Join now to sign up a free account. This will enable you to view detailed Scorecard information, such as:
- All discovered cybersecurity issues that put the organization at risk
- How the organization’s security posture is scored according to different factors.
- The organization’s Digital Footprint, which shows all digital assets that belong to it throughout the world
With an account, you also can start monitoring your own security posture.
Request compliance documents through a public Scorecard
If you are vetting an organization as a potential vendor or partner, you can ask them to share compliance audit certifications, penetration test reports, and other evidence of best security practices.
SecurityScorecard's Evidence Locker enables any organization to post their compliance artifacts and share them easily and safely with anyone they choose. Learn more about Evidence Locker.
To request an organization's evidence through their public Scorecard:
- Click Request Documents at the bottom of the public Scorecard.
- If you have a SecurityScorecard account, log in and go to the next step.
If you do not have a SecurityScorecard account, create one for free (Learn about setting up your account.)...
...then provide the requested information, so that you can be identified when you request the documents. Click Continue.
- If the organization you are requesting documents from has claimed their Scorecard, disregard this step.
If the organization has not claimed their Scorecard, send them a personalized invitation to join SecurityScorecard for free. Enter the name and email address of a contact at the organization, and then click Continue.
- In the document request form, edit the standard note if you would like to personalize your message or add more context.
- Select the documents you are requesting. For additional documents, select Other and enter a name or description of documents you want to see.
- Click Continue.
A confirmation message indicates that your message was sent.
The organization you contacted receives a request email with an explanation of what Evidence Locker is.
Note: If the organization does not have a SecurityScorecard account yet, the email also includes a description of SecurityScorecard and a link to join for free.
- Who can see my public Scorecard?
- What if I do not want my public Scorecard to appear in web searches?
- What happens if my grade drops from an A?
- Is my sensitive information being disclosed publicly?
- Where does SecurityScorecard get these data points from?
- Do I have a say in what information gets disclosed on my public Scorecard?
- How does SecurityScorecard prevent bad actors from exploiting public Scorecards to find weaknesses they can attack?
- Why is having a public Scorecard good for my organization?
- How is the score calculated?
Who can see my public Scorecard?
Anyone performing an organic search on the web can find your public Scorecard.
What if I do not want my public Scorecard to appear in web searches?
You can prevent search engines from indexing your public Scorecard and from showing it in search results:
- Log into the SecurityScorecard platform, and click the Company Profile tab for your Scorecard.
- Click Public Scorecard Settings on the left.
- Disable the option to show your public Scorecard in search engines.
What happens if my grade drops from an A?
Only A grades are visible in public Scorecards. If your grade drops from an A, your public Scorecard displays a grey hexagon with no grade.
Is my sensitive information being disclosed publicly?
Public Scorecards show the following information:
- Scorecard grade, only if it is an A
- Organization description
- Number of organizations following, or monitoring, the Scorecard
- Size of Digital Footprint
- Headquarters location
- Number of employees
Where does SecurityScorecard get these data points from?
Some information, such as grade, Digital Footprint, and number of followers, comes from our scans and measurements that enable us to generate Scorecards. We derive additional information, such as organization description and location, from common public third-party sources.
Do I have a say in what information gets disclosed on my public Scorecard?
Public Scorecards display a standard set of information listed in the previous FAQ answer. Ability to customize this information is not available.
How does SecurityScorecard prevent bad actors from exploiting public Scorecards to find weaknesses they can attack?
A person finds a specific public Scorecard by searching on the web. Public Scorecards only display A grades and no issue-related details. All other visible information is derived from publicly available sources. To see issue-level details, a public Scorecard visitor has to create a SecurityScorecard account.
Why is having a public Scorecard good for my organization?
Openly advertising your good security posture and engagement creates a perception of trust when your potential business partners and customers evaluate your products and services.
How is the score calculated?
SecurityScorecard bases an overall score on individual score calculations for 10 factors, which are different categories of cybersecurity practices and risks. See a whitepaper on our scoring methodology for details.