IISRI® Internal Ratings

Show your partners they can trust you with their data



Internal Audits and Recognition Through IISRI®


At IISRI®, internal audits provide a thorough and strategic and standardized methodology evaluation of an organization's cybersecurity and privacy posture, delving deeper than publicly available information. These audits utilize proprietary methodologies, confidential insights, and sector-specific benchmarks to offer detailed, actionable reports on an organization's security measures.
Internal audits include comprehensive reviews of security controls, risk management frameworks, incident response strategies, and compliance with industry standards such as ISO 27001, SOC2, and GDPR. These audits give organizations a clear roadmap for improving their security measures and ensuring they are resilient to emerging threats.

In recognition of exemplary performance, IISRI® offers an Annual CyberRank Awards Program, honoring organizations that demonstrate leadership and innovation in cybersecurity. Winners of these awards receive exclusive, customizable plaques—a paid service that organizations can order to showcase their achievements. These plaques are made from premium materials and can be personalized with the recipient's logo and award details, making them a prestigious symbol of excellence in security and privacy. Categories for the awards include "Cyber Excellence," "Privacy Champion," "Rising Star," and "Top Industry Performer," offering organizations the opportunity to be recognized for their efforts.

Additionally, recognized companies can purchase email signatures and online branding stamps as part of their award package. These customizable digital assets allow organizations to proudly display their CyberRank achievements in email communications, websites, and marketing materials. The branding stamps, featuring the CyberRank logo and award details, serve as a powerful visual endorsement of a company’s commitment to maintaining the highest security and privacy standards, enhancing their credibility and trust with clients and stakeholders.

With internal audits, prestigious awards, and customizable branding options, IISRI® CyberRank provides organizations with the tools and recognition they need to maintain and showcase their cybersecurity excellence.

IISRI® CyberRank Awards

The IISRI® CyberRank Awards are an annual celebration of global excellence in cybersecurity, recognizing organizations for their exceptional achievements in external security posture. These awards honor the Top 10 companies across key industry sectors, highlighting their leadership in safeguarding sensitive data and mitigating cyber risks. Winners of the IISRI® CyberRank Awards enjoy exclusive, invite-only recognition with an all-expenses-paid experience for the top-performing organizations. This prestigious accolade not only boosts industry credibility but also showcases their commitment to best-in-class cybersecurity practices. While the 2025 awards will take place in Bali, the IISRI® CyberRank Awards are an ongoing initiative held annually, celebrating organizations worldwide that excel in their CyberRank assessments. At present, the awards focus exclusively on external cybersecurity posture, as rated by the rigorous CyberRank Rating System. The IISRI® CyberRank Awards go beyond individual recognition—they serve as a platform to inspire collaboration and innovation, shaping the future of cybersecurity across industries. Stay informed about upcoming events and awards programs, and register your interest here. Be part of the global movement driving cybersecurity excellence forward.

Rating Scale

Rating Meaning Mark Risk
AAA All information security and/or privacy controls are adequate, appropriate, and effective enough to provide reasonable assurance that security and privacy risks are being managed and objectives are met. Excellent None to minimal
AA Almost all information security and/or privacy controls are adequate, appropriate, and effective enough to provide reasonable assurance that security and/or privacy risks are being managed and objectives are met. Very good Very low
A Almost all information security and/or privacy controls are adequate, appropriate, and effective enough to provide reasonable assurance that security and/or privacy risks are being managed and objectives are met. A few specific control weaknesses have been noted. Minor additional work on information security or privacy is recommended. Good Low
BBB Main information security and/or privacy controls are adequate, appropriate, and effective enough to provide reasonable assurance that security and/or privacy risks are being managed and objectives are met. A few specific control weaknesses have been noted. Minor additional work on information security or privacy is recommended. Satisfactory Low
BB Main information security and/or privacy controls are adequate, appropriate, and effective enough to provide reasonable assurance that security and/or privacy risks are being managed and objectives are met. Some specific control weaknesses have been noted. Moderate additional work on information security or privacy is recommended. Sufficient Moderate
B Some information security and/or privacy controls are adequate, appropriate, and effective enough to provide reasonable assurance that security and/or privacy risks are being managed and objectives are met. Many specific control weaknesses have been noted. Major additional work on information security or privacy is highly recommended. Moderate Moderate
CCC Main information security and/or privacy controls are unlikely to provide reasonable assurance that security and/or privacy risks are being managed and objectives are met. Major work on information security or privacy is highly recommended. Insufficient High
CC Almost all information security and/or privacy controls are unlikely to provide reasonable assurance that security and/or privacy risks are being managed and objectives are met. Major work on information security or privacy is highly recommended. Very insufficient High
C Almost all information security and/or privacy controls are unlikely to provide reasonable assurance that security and/or privacy risks are being managed and objectives are met. Major work or complete new program on information security and/or privacy is required. Poor Very high
D All information security and/or privacy controls are not providing any assurance that security and/or privacy risks are being managed and objectives are met. Complete new program on information security and/or privacy is required. Very poor Almost certain

The rating reflects the publicly available information security or privacy maturity level of an assessed organization at a specific moment in time. IISRI® CyberRank provides daily updates, monitoring, and insights, showcasing which organizations achieve the top CyberRank each day!



This website uses cookies. You can find our Privacy Policy here. If you don‘t agree with it, please leave this website.
I agree