The Ready Rating program and the staff at the American Red Cross are committed to protecting your company’s valuable information. Your assessment responses and scores are kept confidential. Members from other organizations are not able to access your answers or your results. Members have a choice as to whether or not they want their organization’s name included in the list of active Ready Rating members that is posted on the website.
The following information security measures have been placed into effect on the readyrating.org website:
Industry Standard SSL Security
The Ready Rating site deploys an industry standard SSL security certificate. The wildcard certificate is 2048-bit security and is used in various areas of site data submission and data display. The SSL cert is enabled on the Profile section of the site as well as the entire Assessment Center. The Assessment Center is self contained within one page and section, meaning all submissions, displays and reports are transmitted while within a forced SSL session.
All responses to and displays of Ready Rating assessments are encrypted/decrypted using the .Net Encryption Library. The .NET Encryption Library supports the strongest encryption algorithms and key sizes currently available.
The encryption utilizes numerous hashing algorithms including SHA1, SHA256, SHA384, SHA512, MD2, MD4, MD5, FCS16, FCS32, HAVAL, Ripemd320, Whirlpool, Tiger, and Gost Hash.
Ready Rating members receive a Next Steps Report and Scorecard Report for each assessment taken. These assessment reports do not contain any member identification if you print them out. The printed report does not reveal any information or details about the member having taken the assessment.
Assessment scores, which are encrypted, are stored in the Ready Rating system associated only to a member ID and never in a directly accessible profile method. Access to the data is available only client side and never server side on the publicly-accessible website.
Further, hacking, public access or open display of assessment instances directly associated to a member is not a concern. Distribution of printed member reporting information, like the member Next Steps or Scorecard Report, is outside the jurisdiction of the Ready Rating system and must be managed and monitored by member organizations.