P12. Security standards

Does the company deploy industry standards of encryption and security for its products and services?

1. The company commits to keep up-to-date with the latest encryption and security standards and publishes evidence that it does so.

2. The company commits to address security vulnerabilities when they are discovered and publishes general information about how it does so.

3. The company discloses that it has systems in place to limit and monitor employee access to user information.

4. The company discloses that it regularly conducts security audits on its technologies and practices affecting user information.

5. The transmission of user communications is encrypted by default.

6. The company deploys advanced authentication methods to prevent fraudulent access.

Guidance: Companies can have access to immense amounts of personal information about users, and they should take the highest possible measures to keep this information secure. We expect companies to disclose information about how they keep data secure so that users can make informed decisions about where to send their data.

Evaluation: This indicator is scored using a checklist, meaning companies can only receive full credit if their disclosure meets all elements in the checklist.

Potential sources:

  • Company privacy policies
  • Company security guide

