Building Trust 21 September 2017

OTA Requests Public Comments for 2018 Online Trust Audit Methodology

Reston, VA – The Online Trust Alliance (OTA), an Internet Society initiative, today issued a call for public comments about criteria for inclusion in its 2018 Online Trust Audit. Now in its tenth year, the Audit is recognized as benchmark research evaluating responsible online privacy and data security practices of more than 1,000 consumer-facing organizations across the public and private sectors.

“It is critical for organizations to keep pace with the latest best practices in security and privacy, whether they’re related to new attack vectors, vulnerabilities, regulation or user choice and control,” said Jeff Wilbur, director of the OTA Initiative at Internet Society. “When organizations don’t adapt their online security and privacy practices, consumer trust in them is impacted. The goal with the Online Trust Audit is to increase consumer confidence by providing prescriptive online security and privacy advice for organizations, and recognizing those who go beyond basic compliance and truly embrace stewardship of consumers’ data and privacy.”

As the only comprehensive, independent, online trust benchmark study, OTA evaluates sites in three primary categories for the Audit – security, privacy and consumer protection. The Audit includes over 60 criteria ranging from email authentication, site security and privacy policies to prevalence of third-party data tracking and sharing to presence of a vulnerability reporting mechanism. Sectors evaluated include banking, ecommerce, online services, content, ISP/hosters and government agencies.

The primary goals of the Audit include:

  1. Providing benchmark tracking of industry standards and best practices.
  2. Giving prescriptive tools and resources to aid companies in enhancing their practices. 
  3. Rewarding and recognizing organizations achieving top scores, demonstrating a commitment to online trust and consumer protection.

This year a record 52 percent of OTA audited sites achieved scores of 80 percent or higher and earned honor roll status, confirming that while the bar is raised every year the criteria are achievable by organizations of all sizes in all sectors. OTA updates the criteria and scoring models annually, incorporating input from consumer groups, government agencies, industry, trade associations, and generally accepted and deployed security standards. The 2017 methodology is supported by data provided through a combination of leading technology providers and OTA’s internal assessment tools.

For the 2017 Audit, significant methodology additions included deeper analysis of email authentication implementation, presence of a vulnerability reporting mechanism, analysis of application/network security, IP reputation and patching cadence, shift of privacy elements from bonus to baseline points and presence of cross-device tracking disclosure. OTA’s Internet Trustworthy Working Group is currently evaluating possible methodology additions for 2018 including alignment with the EU’s General Data Protection Regulation (GDPR), support of multi-factor authentication, use of Certification Authority Authorization (CAA) and additional website security factors.

How to Submit

In order for methodology additions to be considered, they must: 

  1. Be vendor neutral, and reflect generally accepted industry and business standards
  2. Allow for automation (i.e., must not require manual data collection)
  3. Be applicable internationally and across banking, ecommerce, government, ISP/hosting, news/media and online services sectors

Comments for the 2018 methodology should be submitted no later than Nov. 1, 2017 at 11pm EDT via email to admin @ in a Word document or PDF. All submissions must include contact information, an outline of the criteria and reference material to be considered for inclusion. OTA will also be taking suggestions for 2018 Online Trust Audit methodology and reviewing the 2017 Audit results at the The International Association of Privacy Professionals’ (IAPP) Privacy.Security.Risk Conference on Oct. 17 at 9:00 a.m. PDT during a session entitled “2017 Trust Audit—Recognition of Security & Responsible Privacy Leadership.”

OTA may post all submissions unless they are marked confidential. More Information about submissions and past Online Trust Audits can be found here.

About OTA: 

OTA is an initiative within the Internet Society (ISOC), a 501c3 charitable non-profit with the mission to promote the open development, evolution, and use of the Internet for the benefit of all people throughout the world. OTA’s mission is to enhance online trust, user empowerment and innovation through convening multi-stakeholder initiatives, developing and promoting best practices, responsible privacy practices and data stewardship. To learn more about OTA visit and Internet Society

Related resources

Building Trust 8 October 2019

OTA’s Trust Audit Scores U.S. Presidential Candidates’ Campaigns, Finds Major Failures in Privacy Statements

Reston, VA. – October 8, 2019 – The Internet Society’s Online Trust Alliance (OTA), which identifies and promotes security and privacy...

Building Trust 25 September 2019

The Internet Society’s Online Trust Alliance Announces Methodology for Eleventh Online Trust Audit and Honor Roll

Criteria updated to include increased focus on encryption and global privacy regulations; international retail segments added

Building Trust 9 July 2019

Internet Society’s Online Trust Alliance Reports Cyber Incidents Cost $45B in 2018

Reston, VA – July 9, 2019 – The Internet Society’s Online Trust Alliance (OTA), which identifies and promotes security and privacy...