Building Trust 22 April 2019

10 Years of Auditing Online Trust – What’s Changed?

By Megan Kruse, Former Director, Advocacy and Communications
Jeff Wilbur, Senior Director, Online Trust

Last week we released the 10th Online Trust Audit & Honor Roll, which is a comprehensive evaluation of an organization’s consumer protection, data security, and privacy practices. If you want to learn more about this year’s results, please join us for our webinar on Wednesday, 24 April, at 1PM EDT / 5PM UTC. Today, though, we thought it would be interesting to see how the Audit and results have evolved over time. Here are some quick highlights over the years:

  • 2005 – The Online Trust Alliance issued “scorecards” tracking adoption of email authentication (SPF) in Fortune 500 companies.
  • 2008 – Added DKIM tracking to the scorecards, and extended the sectors to include the US federal government, banks, and Internet retailers.
  • 2009 – Shifted from scorecard to “Audit” because criteria were expanded to include Extended Validation (EV) certificates and elements of site security (e.g., website malware).
  • 2010 – Introduced the Honor Roll concept, highlighting organizations following best practices. Only 8% made the Honor Roll.
  • 2012 – Expanded criteria to include DMARC, Qualys SSL Labs website assessment, and scoring of privacy statements and trackers. Shifted overall sector focus to consumer-facing organizations, so dropped the Fortune 500 and added a “Social” sector (now called Consumer). 30% overall made the Honor Roll. Now a comprehensive audit, 2012 has served as the baseline year for Honor Roll achievement – there are 28 organizations that have earned Honor Roll status all seven years.
  • 2014 – Added News/Media sector and included US federal government as part of the Honor Roll (vs. just as an overall sector). 30% overall made the Honor Roll.
  • 2017 – Added ISPs, hosters, and email services sector. 52% overall made the Honor Roll.
  • 2018 – Added healthcare sector. 70% overall made the Honor Roll.

Since 2012 the overall assessment categories have not changed, but the breadth and depth of criteria have been expanded to give a more holistic view of organizations’ adherence to best practices. Criteria and their weighting are re-evaluated each year to make sure they reflect the latest best practices and protection against common threats.

Even though the bar is raised each year, Honor Roll achievement has grown steadily, from 30% in 2012 to 70% in the most recent Audit. While this is solid progress, we can’t forget that these organizations are the top in their sector (by assets, revenue, users or traffic), and therefore don’t necessarily reflect the status of the entire sector.

Our Audit criteria are meant to be practical and implementable by organizations of all sizes, so we encourage all organizations to examine the best practices summarized in Appendix E of the Audit and assess themselves. We look forward to another decade of progress in ensuring a more trustworthy and secure Internet.

Join the webinar on this year’s Audit!

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
