Donate
10 Years of Auditing Online Trust – What’s Changed? Thumbnail
‹ Back
Building Trust 22 April 2019

10 Years of Auditing Online Trust – What’s Changed?

Jeff Wilbur
By Jeff WilburTechnical Director, Online Trust Alliance

Last week we released the 10th Online Trust Audit & Honor Roll, which is a comprehensive evaluation of an organization’s consumer protection, data security, and privacy practices. If you want to learn more about this year’s results, please join us for our webinar on Wednesday, 24 April, at 1PM EDT / 5PM UTC. Today, though, we thought it would be interesting to see how the Audit and results have evolved over time. Here are some quick highlights over the years:

  • 2005 – The Online Trust Alliance issued “scorecards” tracking adoption of email authentication (SPF) in Fortune 500 companies.
  • 2008 – Added DKIM tracking to the scorecards, and extended the sectors to include the US federal government, banks, and Internet retailers.
  • 2009 – Shifted from scorecard to “Audit” because criteria were expanded to include Extended Validation (EV) certificates and elements of site security (e.g., website malware).
  • 2010 – Introduced the Honor Roll concept, highlighting organizations following best practices. Only 8% made the Honor Roll.
  • 2012 – Expanded criteria to include DMARC, Qualys SSL Labs website assessment, and scoring of privacy statements and trackers. Shifted overall sector focus to consumer-facing organizations, so dropped the Fortune 500 and added a “Social” sector (now called Consumer). 30% overall made the Honor Roll. Now a comprehensive audit, 2012 has served as the baseline year for Honor Roll achievement – there are 28 organizations that have earned Honor Roll status all seven years.
  • 2014 – Added News/Media sector and included US federal government as part of the Honor Roll (vs. just as an overall sector). 30% overall made the Honor Roll.
  • 2017 – Added ISPs, hosters, and email services sector. 52% overall made the Honor Roll.
  • 2018 – Added healthcare sector. 70% overall made the Honor Roll.

Since 2012 the overall assessment categories have not changed, but the breadth and depth of criteria have been expanded to give a more holistic view of organizations’ adherence to best practices. Criteria and their weighting are re-evaluated each year to make sure they reflect the latest best practices and protection against common threats.

Even though the bar is raised each year, Honor Roll achievement has grown steadily, from 30% in 2012 to 70% in the most recent Audit. While this is solid progress, we can’t forget that these organizations are the top in their sector (by assets, revenue, users or traffic), and therefore don’t necessarily reflect the status of the entire sector.

Our Audit criteria are meant to be practical and implementable by organizations of all sizes, so we encourage all organizations to examine the best practices summarized in Appendix E of the Audit and assess themselves. We look forward to another decade of progress in ensuring a more trustworthy and secure Internet.

Join the webinar on this year’s Audit!

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

A New Chapter for OTA (and Me)
Building Trust5 April 2017

A New Chapter for OTA (and Me)

Author: Craig Spiezle I would like to share exciting news.  Today OTA has announced it has joined forces with the Internet Society (ISOC)...

Online Trust Audit Finds Better Email Authentication and Encryption; Worse Privacy Statement Scores
Online Trust Audit Finds Better Email Authentication and Encryption; Worse Privacy Statement Scores
Reports16 April 2019

Online Trust Audit Finds Better Email Authentication and Encryption; Worse Privacy Statement Scores

Do you know how – or even if – your favorite retailer, or your bank, or your ISP is working...

2017 Online Trust Audit Released - What Did We Learn?
2017 Online Trust Audit Released - What Did We Learn?
Building Trust20 June 2017

2017 Online Trust Audit Released – What Did We Learn?

Today the OTA released the 9th annual Online Trust Audit and Honor Roll. This year’s Audit is our most comprehensive ever, assessing...

Join the conversation with Internet Society members around the world