An information security rating is an opinion, based on an evaluation of the information security posture of a prospective data collector (an individual, a business, an organisation or a government), that predicts the collector's ability to protect its own data and that of its customers. It is also an implicit forecast of the likelihood of the collector defaulting in doing so.
The ratings range from D, the lowest, up to AAA, which represents the highest possible rating. The rating scale is available on our website here.
IISRI has developed robust and detailed methods to assess organisations and their services, so that it can provide the public with objective and independent information security ratings. The services of IISRI consist of an external rating service and an internal rating service. The external rating service is based only on public information and does not need the cooperation of the assessed organisation. The internal rating service requires the cooperation of the organisation and is therefore based on internal organisation information as well as public information.
Although each type of rating service has its own assessment methodology, they have the following features in common.
The assessments and ratings
The types of ratings and a description of the assessment methodology are available on our website here.