IISRI® Methodology

The Standard for
Security Ratings

From AAA (Excellent) to D (Very Poor). Learn what each rating means for your vendor decisions. Built by data protection experts based on international standards.

Check a Rating

Get an Overview

Clear, high-level view of security and privacy risks.

Investment & Acquisitions

Check the risks related to any company before making important decisions.

Insurance Assessment

Determine premiums based on accurate risk assessment.

Benchmarking

Continuously improve your cybersecurity foundation.

The IISRI® Rating Scale

Explore our comprehensive risk assessment scale, from AAA (Excellent) to D (Very Poor).

A
Good
Low RiskModerateHigh Risk

↑ Click the bar to explore each rating

A

A Rating | Good

Risk Level: Low

Almost all information security and/or privacy controls are adequate, appropriate, and effective enough to provide reasonable assurance that security and/or privacy risks are being managed and objectives are met. A few specific control weaknesses have been noted.

Action Plan

Safe to engage
Recommend requesting minor fixes
How It Works

What Determines a Rating?

CyberRank analyzes five key areas using publicly available data, with no access to internal systems required.

Security Testing

Vulnerabilities on public-facing servers and subdomains.

Privacy Testing

Privacy policies, cookies, consent banners.

Compliance Detection

SOC 2, ISO 27001, HIPAA, PCI DSS detection.

Data Leak & Credential Detection

Breach database monitoring and exposed credentials.

Asset Discovery

All public-facing assets and subdomains.

Proton - A Rating
Two Ways to Get Rated

CyberRank vs IISRI® Internal Ratings

Both use the same IISRI® rating scale (AAA to D). Choose the right approach for your needs.

CyberRank (IISRI® External)

Powered by AI & Public Data

Method
AI-driven, automated
Time
Minutes
Data
Public data only
Approach
Non-invasive

Best For

Vendor screening
Quick self-assessment
Benchmarking
Investment decisions
Try CyberRank

IISRI® Internal

Comprehensive Assessment

Method
On-site audit
Time
2-5 days
Data
Internal access required
Approach
Manual assessment

Best For

Deep compliance
Audit preparation
Certification
Internal vulnerability analysis
Request Assessment

Tip: Combine both for complete coverage. Start with CyberRank for quick external assessment, then use IISRI® Internal for deeper internal insights.

See Ratings in Action

Check any vendor's security rating or assess your own. Takes just 5-10 minutes.

Check a Vendor's RatingCheck Your Own Rating