Security rating services (BitSight, SecurityScorecard) provide outside-in assessments of an organization's security posture — analyzing external attack surface, breach history, and leaked credentials.
Used for vendor risk management and cyber insurance underwriting. Don't replace internal assessments but provide continuous external visibility. Ratings are based on observable data — not your internal controls.