S2SCORE | Security assessment scoring and evaluation.

S2SCORE is a comprehensive information security assessment score based on standards such as NIST, HIPAA, ISO, etc.

S2SCORE | Security assessment scoring and evaluation.
United States

The DeSoto.io approach.

MEASURE your organization’s risk and expose vulnerabilities in your information security program.

  • ADMINISTRATIVE The people part of information security, administrative controls are primarily procedures and policies that guide employee actions. 
  • PHYSICAL Physical controls are the means and devices to control physical access to sensitive information and protect the availability of the information. 
  • INTERNAL TECHNICAL Internal technical controls segments your network from the inside, ensuring that if someone did get in they wouldn’t be able to get far. 
  • EXTERNAL TECHNICAL External technical controls protect your organization from the outside world and are traditionally what people think of when they think of cyber security.


More than half of all breaches occur due to third-party vendors, so it’s critical that you know who all your vendors are and the risk that they pose to your organization. 

  • INVENTORY Easily import all vendors into one centralized location. 
  • CLASSIFY Based on a standard series of 10 questions, you will classify the risk posed by each vendor as either a high, medium or low. 
  • ASSESS The assessment measures the strength of the vendor’s security practices across four control areas. The vendor will receive a score from 300 (very poor) to 850 (excellent). 
  • TREATMENT Take action against vulnerabilities revealed by the assessment. Track improvements over time for an overall stronger security posture. 
  • SIMPLIFY your vendor risk management program, ensuring compliance without unduly burdening your company or vendors. 
  • STANDARDIZE the process for year-after-year efficiencies and greater scalability. 
  • DEFEND against any risk created by your vendors, and against lawyers, regulators and customers if a breach occurs. 

Our assessment tools were developed by information security experts with a combined 300+ years of experience, and the same assessment has already been completed by more than 2,000 organizations.

ROADMAP necessary changes to improve your organization’s security posture in the most effective ways. 

  • Shared with you, the client.
  • Can be implemented in-house or with our help.

TRACK the improvements you’ve made to your security program in real-time and watch your S2SCORE rise. 

How can we help?