Our approach to security
The protection and security of the client and panel data we hold and process is fundamental to our business and a top priority. As a global data and analytics business, our clients, panelists and suppliers can equally find reassurance in our adherence to the ISO27001 standard for Information Security, as the ISO 27001 standard is known and respected worldwide.
YouGov has established, implemented and continues to maintain an Information Security Management System that is certified to ISO27001:2013. The system defines our policies and processes for securing the information we hold and process. The scope of the certification is described in our certificate which can be found here.
We continuously assess risk and improve the security of our systems and processes in order to maintain the confidentiality, integrity and availability of information. Our security processes include the provision of regular security training to all employees, reviews of security policies and security testing on our systems including penetration testing and external/third-party assessments.
Regular training and awareness all staff on security and data protection
Access control policies to limit access to information only to those that need it
Encryption of data both in transit and at rest using industry standards
Secure handling and disposal of media
Physical security at our offices and data centres
Installing and maintaining anti-virus protections on our systems
Implementing network security including Firewalls and Intrusion Prevention Systems
Running a vulnerability management program to detect and protect against security weaknesses
YouGov systems and infrastructure architecture is designed for high availability
Change management processes to protect against harmful changes
Back up policies and processes are in place to prevent data loss
Disaster recovery mechanisms are in place to provide continuity and ability to recover
Third Party Verification
ISO 27001 is the globally recognised standard for Information Security management. It also references ISO27002 which is the global best practice standard for Information Security controls. YouGov has implemented and Information Security Management System that is certified by BSI to the ISO27001:2013 standard. Our management system is maintained and continuously improved to protect the data we hold and process. You can access our certificate here.
Our Data Centre co-location providers are also certified to ISO 27001, SOC2 and PCI-DSS.
Cyber Essentials Plus
Cyber Essentials Plus is a UK Government backed scheme that provides external assurance of the existence of security defences to protect against the most comment cyber threats. You can find out more about the scheme and controls assessed at the NCSC website. YouGov in the UK certified to Cyber Essentials Plus. You can access our certificate here.
Penetration testing and audits
YouGov carries out external assurance audits on an annual basis as part of its ISO27001 certification as well as the Cyber Essentials Plus certification in the UK. These are carried out by accredited third parties.
We carry out security testing on our systems and applications on a regular basis to identify and remediate vulnerabilities. We also work with CREST accredited third-parties who have security specialists that carry out penetration testing on an at-least annual basis to verify the security of our systems and applications.