Last week we released the 10th Online Trust Audit & Honor Roll, which is a comprehensive evaluation of an organization’s consumer protection, data security, and privacy practices. If you want to learn more about this year’s results, please join us for our webinar on Wednesday, 24 April, at 1PM EDT / 5PM UTC. Today, though, we thought it would be interesting to see how the Audit and results have evolved over time. Here are some quick highlights over the years:
- 2005 – The Online Trust Alliance issued “scorecards” tracking adoption of email authentication (SPF) in Fortune 500 companies.
- 2008 – Added DKIM tracking to the scorecards, and extended the sectors to include the US federal government, banks, and Internet retailers.
- 2009 – Shifted from scorecard to “Audit” because criteria were expanded to include Extended Validation (EV) certificates and elements of site security (e.g., website malware).
- 2010 – Introduced the Honor Roll concept, highlighting organizations following best practices. Only 8% made the Honor Roll.
- 2012 – Expanded criteria to include DMARC, Qualys SSL Labs website assessment, and scoring of privacy statements and trackers. Shifted overall sector focus to consumer-facing organizations, dropping the Fortune 500 and adding a “Social” sector (now called Consumer). 30% overall made the Honor Roll. With the Audit now comprehensive, 2012 has served as the baseline year for Honor Roll achievement – 28 organizations have earned Honor Roll status all seven years.
- 2014 – Added News/Media sector and included US federal government as part of the Honor Roll (vs. just as an overall sector). 30% overall made the Honor Roll.
- 2017 – Added ISPs, hosters, and email services sector. 52% overall made the Honor Roll.
- 2018 – Added healthcare sector. 70% overall made the Honor Roll.
Since 2012 the overall assessment categories have not changed, but the breadth and depth of criteria have been expanded to give a more holistic view of organizations’ adherence to best practices. Criteria and their weighting are re-evaluated each year to make sure they reflect the latest best practices and protection against common threats.
Even though the bar is raised each year, Honor Roll achievement has grown steadily, from 30% in 2012 to 70% in the most recent Audit. While this is solid progress, we can’t forget that these organizations are the top in their sector (by assets, revenue, users or traffic), and therefore don’t necessarily reflect the status of the entire sector.
Our Audit criteria are meant to be practical and implementable by organizations of all sizes, so we encourage all organizations to examine the best practices summarized in Appendix E of the Audit and assess themselves. We look forward to another decade of progress in ensuring a more trustworthy and secure Internet.