Announcing the Online Trust Audit & Honor Roll Methodology for 2018 Thumbnail
Building Trust 23 August 2018

Announcing the Online Trust Audit & Honor Roll Methodology for 2018

By Megan KruseFormer Director, Advocacy and Communications

The Online Trust Alliance (OTA) is an Internet Society initiative that aims to enhance online trust, user empowerment, and innovation through convening multistakeholder initiatives and developing and promoting best practices, ethical privacy practices, and data stewardship. One of OTA’s major activities is the Online Trust Audit & Honor Roll, which promotes responsible online privacy and data security practices and recognizes leaders in the public and private sectors who have embraced them. This morning, we released the methodology we’ll use for this year’s audit.

The report will analyze more than 1,000 websites on consumer protection, site security, and responsible privacy practices. Based on a composite weighted analysis, sites that score 80 percent or better overall, without failing in any one category, will be recognized in the Honor Roll.

Building largely on past criteria, this year’s updates include GDPR compliance and other security and privacy standards and practices, as well as adding a healthcare sector. From the press release:

Key changes to this year’s Audit include:

  • Consumer Protection (email authentication, domain security and anti-phishing technologies) – more granular assessment of Domain-based Message Authentication, Reporting and Conformance (DMARC) support, and increased weight for use of opportunistic Transport Layer Security (TLS), which encrypts email between servers
  • Site Security (site configuration, TLS/SSL infrastructure, presence of site vulnerabilities, observed malware, and related security and data protection enhancing controls) – increased weight for “HTTPS-everywhere” and elements such as patching cadence, application and network security, as well as bonus points for Certificate Authority Authorization (CAA)
  • Privacy (policies and practices including data retention, disclosures, user anonymity, third-party data sharing, opt-out mechanisms and observing sensitive data barriers) – increased weight for archived privacy policies, broader inclusion of settlements and breaches, and bonus points for support of General Data Protection Regulation (GDPR) language

The full 2018 Audit methodology is posted at

You can see last year’s Audit here, and many organizations may find Appendix E, the Best Practice Checklist, especially useful.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Building Trust 21 February 2020

NDSS 2020: The Best in Security Research – For the Good of the Internet

On 23 February, the 27th consecutive Network and Distributed System Security Symposium (NDSS) kicks off in San Diego, CA....

Building Trust 11 February 2020

Every Day Should Be Safer Internet Day

Safer Internet Day is an opportunity for people and organizations around the world to join forces in a series...

Building Trust 28 January 2020

This Data Privacy Day It’s the Little Things That Count

Today we’re celebrating Data Privacy Day, which is all about empowering people and organizations to respect privacy, safeguard data,...