Our approach to security

YouGov - Information security

The protection and security of the client and panel data we hold and process is fundamental to our business and a top priority. We are a global data and analytics business, and our clients, panelists and suppliers can all find reassurance in our adherence to the ISO 27001 standard for Information Security, which is known and respected worldwide.

YouGov has established, implemented and continues to maintain an Information Security Management System that is certified to ISO 27001:2013. The system defines our policies and processes for securing the information we hold and process. The scope of the certification is described in our certificate, which can be found below.

We continuously assess risk and improve the security of our systems and processes in order to maintain the confidentiality, integrity and availability of information. Our security processes include the provision of regular security training to all employees, reviews of security policies and security testing on our systems including penetration testing and external/third-party assessments.

We maintain the confidentiality of data through policies, processes and technology including:
  • Regular training and activities to raise all staff's awareness of security and data protection matters
  • Access control policies to limit access to information to only those who need it
  • Encryption of data both in transit and at rest using industry standards
  • Secure handling and disposal of media
  • Physical security at our offices and data centres

We ensure the integrity of data by:
  • Installing and maintaining anti-virus protections on our systems
  • Implementing network security including Firewalls and Intrusion Prevention Systems
  • Running a vulnerability management program to detect and protect against security weaknesses

We protect the availability of information and applications through:
  • Systems and infrastructure architecture designed for high availability
  • Change management processes to protect against harmful changes
  • Backup policies and processes to prevent data loss
  • Disaster recovery mechanisms to provide continuity and the ability to recover

Third Party Verification

ISO 27001

ISO 27001 is the globally recognised standard for Information Security management. It also references ISO 27002, which is the global best practice standard for Information Security controls. YouGov has implemented an Information Security Management System that is certified by BSI to the ISO 27001:2013 standard. Our management system is maintained and continuously improved to protect the data we hold and process. You can access our certificate here.

Our Data Centre co-location providers are also certified to ISO 27001, SOC2 and PCI-DSS.

Cyber Essentials Plus

YouGov in the UK has Cyber Essentials Plus certification. Cyber Essentials Plus is a UK Government-backed scheme that provides external assurance that security controls are in place to protect against the most common cyber threats.

You can access our certificate here. You can find out more about the scheme and controls assessed at the NCSC website.

Penetration testing and audits

YouGov carries out external assurance audits on an annual basis as part of its ISO 27001 certification, as well as its Cyber Essentials Plus certification in the UK. These are carried out by accredited third parties.

We carry out security testing on our systems and applications on a regular basis to identify and remediate vulnerabilities. We also work with CREST-accredited third parties whose security specialists carry out penetration testing at least annually to verify the security of our systems and applications.