Platform security privacy

Operations, Security & Data privacy


Pearson Global Information Security
 

 - Pearson has implemented a set of global information security policies.
 - These policies are based on the ISO-27001 information security norm.
 - The list of policies implemented and enforced globally can be found at the end of this document.
 - These policies are owned by the Chief Information Security Officer (CISO).
 - They are subject to annual review.
 - Global implementation of these policies through their respective controls is formally defined by a set of Security Standards and Guidelines. These are directly based on the ISO-27002 framework and take into account security best practices as defined in the NIST recommendations.
 - Local implementation of our policies and controls in France is governed by the local Information Security Management System (ISMS).
 - An ISMS review and risk assessment is conducted annually by the local Management Review team, under the supervision of the Regional Information Security Officer (RISO) for our Core region (which includes Europe).
 - The dedicated Security Operations Control group (SOC) is under the direct control of the CISO office. This group continuously monitors our infrastructure for security threats and manages incidents as they arise.

 

Data Privacy & GDPR 

 - Pearson is implementing a program to ensure that its organization and products comply with the General Data Protection Regulation (GDPR).
 - For the purposes of the GDPR, Pearson is the data processor for all personal data.
 - Pearson will fully cooperate with clients so that they can fulfill their obligations as the data controller under GDPR.
 - Pearson will formally enforce compliance with these obligations by all of its vendors (sub-processors in the definition of GDPR).
 - Our Data Privacy Officer is currently based in the UK.

 

Sub-Processors 

Pearson works together with the vendors listed below to deliver service to its customers. For the purposes of GDPR, these are Sub-Processors. Compliance with the Pearson Information Security and Data Privacy policies and controls, as well as with the obligations under GDPR, is enforced via a formal agreement between Pearson and these vendors.

 

 

| | Company name | Reg-no. | Address | Description of processing | Grounds for transfer |
|---|---|---|---|---|---|
| Sub-data processor (1. Tier) | Amazon Web Services Canada, Inc. | 857305932 | 120 Bremner Blvd, 26th Floor, Toronto, ON, M5J 0A8, Canada | Cloud computing services and data centre operations. Hosting of Customer Personal Data. Customer-initiated support. Access to data only with the Customer's explicit consent at the point of request. | European Union adequacy decision |
| Sub-data processor (2. Tier) | Amazon Data Services Canada, Inc. | 797963121 | 160 Elgin Street Suite 2600, Ottawa, ON, K1P 1C3 | Cloud computing services and data centre operations. Hosting of Customer Personal Data. | European Union adequacy decision |

 

 

| | Company name | Reg-no. | Address | Description of processing | Grounds for transfer |
|---|---|---|---|---|---|
| Sub-data processor (1. Tier) | Bahnhof | 831671 | Sveavagen 41, 111 40 Stockholm, Sweden | Hosting of Customer Personal Data. | N/A |
| Sub-data processor (2. Tier) | None | | | | |

 

 

 

 

 

 

| | Company name | Reg-no. | Address | Description of processing | Grounds for transfer |
|---|---|---|---|---|---|
| Sub-data processor (1. Tier) | SendGrid by Twilio (Twilio Ireland Limited) | IE557454 | 3 Dublin Landings, North Wall Quay, Dublin 1, Ireland | Routing and transmission of emails. Personal data contained in emails is transmitted to the target email. The email body data is only retained for as long as it takes to send it. The target email address is retained for analytics purposes. | European Union adequacy decision – Data Privacy Framework |
| Sub-data processor (2. Tier) | AWS Amazon USA | 0000174230 | 410 Terry Avenue North, Seattle, WA 98109-5210, U.S.A. | Hosting of SendGrid data. | European Union adequacy decision – Data Privacy Framework |

 

 

| | Company name | Reg-no. | Address | Description of processing | Grounds for transfer |
|---|---|---|---|---|---|
| Sub-data processor (1. Tier) | MongoDB Atlas (MongoDB Limited) | 4999921 | Building Two, Number One Ballsbridge, Shelbourne Road, Dublin 4, Co Dublin, Ireland | Database as a service for the hosting of customer personal data. | N/A |
| Sub-data processor (2. Tier) | Amazon Web Services Canada, Inc. | 857305932 | 120 Bremner Blvd, 26th Floor, Toronto, ON, M5J 0A8, Canada | Hosting of MongoDB Atlas data. | European Union adequacy decision |

 

 

 

| | Company name | Reg-no. | Address | Description of processing | Grounds for transfer |
|---|---|---|---|---|---|
| Sub-data processor (Pearson group entity) | Pearson Education Limited (UK) | 872828 | 80 Strand, London, WC2R 0RL, United Kingdom | Customer support. Access to examinee/assessment data only with the customer's explicit consent at the point of request. | European Union adequacy decision. All Pearson entities are bound through our intercompany International Data Transfer Agreement (IDTA). |
| Sub-data processor (Pearson group entity) | Pearson Canada Assessment Inc. (Canada) | 1163650766 | 176 Yonge Street, 6th Floor, Toronto, ON, M5C 2L7, Canada | Technical Support. | European Union adequacy decision. All Pearson entities are bound through our intercompany International Data Transfer Agreement (IDTA). |
| Sub-data processor (Pearson group entity) | NCS Pearson, Inc (USA) | 410850527 | 5601 Green Valley Drive, Bloomington, MN 55437, United States | 3rd line technical support. Access to examinee/assessment data only with the customer's explicit consent at the point of request. | All Pearson entities are bound through our intercompany International Data Transfer Agreement (IDTA). |


ISO-27001 based Global Information Security Management Policies
 

 - 5 Information Security Policies
 - 6 Organization of Information Security
 - 7 Human Resources Security
 - 8 Asset Management
 - 9 Access Control
 - 10 Cryptography
 - 11 Physical and Environmental Security
 - 12 Operations Security
 - 13 Communications Security
 - 14 System Acquisition, Development and Maintenance
 - 15 Supplier Relationships
 - 16 Information Security Incident Management
 - 17 Information Security Aspects of Business Continuity Management
 - 18 Compliance


More information:

 - Privacy Statement for our Clinical Platforms
 - Q-interactive Terms & Conditions
 - Q-global Terms & Conditions
 - Please send your inquiries to dataprivacy-nl@pearson.com

 

The Q Global and Q Interactive platforms are accredited under the European Union's Medical Devices Directive 93/42EC (MDD) for CE marking as a Tier 1 medical device. They may only be used by authorised and qualified practitioners to assist in making professional decisions and diagnoses. Pearson's accreditation is valid under the MDD until May 2024.
