‹ Back
Building Trust 14 September 2016

Online Trust Alliance Requests Public Comment for 2017 Online Trust Audit Methodology

Annual trust assessment recognizes companies’ commitment to security & privacy

BELLEVUE, Wash. and SAN JOSE, Calif. – The Online Trust Alliance (OTA) today issued a call for public comments on criteria for inclusion in the 2017 Online Trust Audit. Now in its ninth year, the Audit is recognized as benchmark research for evaluating responsible privacy and data security practices of over 1,000 consumer facing sites across the public and private sectors. Speaking at the IAPP’s Privacy. Risk. Security Conference session tomorrow entitled “Making The Grade: Moving from Compliance to Stewardship,” OTA will be critiquing 2016 results and inviting suggestions for best practices which further enhance consumer protection, data security and user privacy.

The primary goals of the Audit include:

  1. Provide benchmark tracking of industry standards and best practices.
  2. Giving prescriptive tools and resources to aid companies in enhancing their practices. 
  3. Reward and recognize organizations achieving top scores, demonstrating a commitment to online trust and consumer protection.

As the only comprehensive, independent, online trust benchmark study, the Audit evaluates sites on three primary categories including security, privacy and consumer protection practices. The Audit includes over 50 criteria ranging from site security and privacy policies to prevalence of third party data tracking and sharing to reputation analysis of domains, IP addresses and marketing practices. Sectors evaluated include banking, ecommerce, online services, content and public sector government sites.

This year a record 50 percent of sites achieved scores of 80 percent or higher, confirming that while the bar is raised every year, the criteria are achievable by organizations of all sizes in all industries. OTA updates the criteria and scoring models annually, incorporating input from industry, government agencies, consumer groups, trade associations, and generally accepted and deployed security standards. The 2016 methodology is supported by data provided through a combination of leading technology providers and OTA’s internal assessment tools.

“In order to maintain consumer trust and confidence and spur the vitality of online services, it is imperative that organizations double-down on security and privacy measures,” said Craig Spiezle Executive Director and President, Online Trust Alliance. “The Online Trust Audit recognizes companies embracing data stewardship, transparency and a commitment to consumer protection.”

In order to be considered, recommendations for new or revised metrics must: 

  1. Be vendor neutral and reflect generally accepted industry and business standards
  2. Allow for automation (i.e., must not require manual data collection)
  3. Be applicable internationally and across banking, ecommerce, online services, public sector government and news/media sectors

OTA’s Internet Trustworthy Working Group is currently evaluating possible additions including adoption of multi-factor authentication, business reputation scoring and email marketing practices. In addition, assessment of sites’ publically discoverable vulnerability reporting mechanisms is under consideration to promote responsible vulnerability disclosures.

Comments for the 2017 methodology should be submitted to OTA via email to in a word document or PDF.  All submissions must include contact information and an outline of the criteria and reference material to be considered for inclusion.  The deadline is 5 PM PST, Thursday, November 3, 2016.  OTA may post all submissions unless they are marked confidential  More Information

About OTA: 

The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. Its goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users’ security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, and meaningful self-regulation and data stewardship. Its members and supporters include leaders spanning the public policy, technology, ecommerce, social networking, mobile, email and interactive marketing, financial, service provider, government agency and industry organization sectors.

‹ Back

Related articles

OTA Announces Methodology for Ninth Annual Online Trust Audit
Building Trust31 January 2017

OTA Announces Methodology for Ninth Annual Online Trust Audit

Criteria updated to reflect new security standards, responsible privacy practices and globally accepted security and resiliency best practices Jan. 31,...

2016 Online Trust Audit Methodology Announced
Building Trust4 March 2016

2016 Online Trust Audit Methodology Announced

Seattle, Washington - The Online Trust Alliance announced today the methodology for the forthcoming 2016 Online Trust Audit and Honor...

Industry Best Practices
Building Trust21 September 2017

Industry Best Practices

Industry Best Practices OTA provides best practices, resources, and guidance to help enhance online safety, data security, privacy, and brand...

Join the conversation with Internet Society members around the world