Pearson Clinical Assessment Digital Platforms Operations

Security & Data privacy

Pearson Global Information Security

  • Pearson has implemented a set of global information security policies.
  • These policies are based on the ISO-27001 information security norm.
  • The list of policies implemented and enforced globally can be found at the end of this document.
  • These policies are owned by the Chief Information Security Officer (CISO).
  • They are subject to annual review.
  • Global implementation of these policies through the respective controls is formally defined by a set of Security Standards and Guidelines. These are directly based on the ISO-27002 framework and take into account security best practices as defined in the NIST recommendations.
  • Under direct control of the CISO office is the dedicated Security Operations Control group (SOC). This group continuously monitors our infrastructure for security threats and manages incidents as they arise.

ISO 27001 certification

  • Pearson Clinical & Talent Assessment is in a programme to become ISO 27001 certified across Europe in those countries where we hold an office.
  • Pearson Benelux has been ISO 27001 certified since 2016.
  • Local implementation of our policies and controls is/will be governed by the local Information Security Management System (ISMS).
  • An ISMS review and risk assessment is conducted annually by the local Management Review team, under the supervision of the Regional Information Security Officer (RISO) for our Core region (which includes Europe).

Data Privacy & GDPR

  • Pearson is engaged in implementing a programme to ensure compliance of its organisation and products with the General Data Protection Regulation (GDPR).
  • Pearson is, for the purposes of the GDPR, the data processor of all personal data concerned.
  • Pearson will fully cooperate with clients so that they can fulfil their obligations as the data controller under the GDPR.
  • Pearson will formally enforce compliance with these obligations by all of its vendors (sub-processors in the GDPR definition).
  • Our Data Privacy Officer is currently based in the UK. By the time the GDPR comes into effect, however, we will have a Data Privacy Officer based in Continental Europe, within the Union.

Sub-Processors

Pearson works together with the vendors listed below to deliver service to its customers. For the purposes of the GDPR, these are Sub-Processors. Compliance with both the Pearson Information Security and Data Privacy policies and controls and with the obligations under the GDPR is enforced via a formal agreement between Pearson and these vendors.

For each vendor: what it is in use for, and which personal data records it processes.

CenturyLink, Canada

In use for:
  • Q-global; Hosting of the platform & data
  • Q-interactive; Hosting of the platform & data
Personal data records processed:
  • Client user accounts
  • Basic patient/examinee demographics
  • Patient/examinee test responses
  • Patient/examinee test scores

Amazon AWS, Canada

In use for:
  • Q-global; Hosting of the platform & data
  • Q-interactive; Hosting of the platform & data
Personal data records processed:
  • Client user accounts
  • Basic patient/examinee demographics
  • Patient/examinee test responses
  • Patient/examinee test scores

BellShape, The Netherlands

In use for:
  • P2O/BellShape; Hosting of the platform & data
Personal data records processed:
  • Client user accounts
  • Basic patient/examinee demographics
  • Patient/examinee test responses

CloudVPS, The Netherlands

In use for:
  • P2O/BellShape; Hosting of the platform & data
Personal data records processed:
  • Basic patient/examinee demographics
  • Patient/examinee test scores

Bahnhof, Sweden

In use for:
  • Cogmed; Hosting of platform & data
Personal data records processed:
  • Client user accounts (Coaches)

ISM, The Netherlands

In use for:
  • Pearsonclinical.nl/be e-commerce; Hosting of the platform & data
Personal data records processed:
  • Basic client user account & contact information

Bulheller, Germany

In use for:
  • Hosting of the platform & data (Sosie & 5DDP)
Personal data records processed:
  • Basic patient/examinee demographics
  • Patient/examinee test scores

ISO-27001 based Global Information Security Management Policies

  • 5 Information Security Policies
  • 6 Organization of Information security
  • 7 Human Resources Security
  • 8 Asset Management
  • 9 Access Control
  • 10 Cryptography
  • 11 Physical and Environmental Security
  • 12 Operations Security
  • 13 Communications Security
  • 14 System Acquisition, Development and Maintenance
  • 15 Supplier Relationships
  • 16 Information Security Incident Management
  • 17 Information Security Aspects of Business Continuity Management
  • 18 Compliance

More information