Our approach to security

The protection and security of the client and panel data we hold and process is fundamental to our business and a top priority. As a global data and analytics business, our clients, panel members and suppliers can equally find reassurance in our adherence to ISO 27001, the standard for Information Security that is known and respected worldwide.

YouGov has established, implemented and continues to maintain an Information Security Management System that is certified to ISO27001:2013. The system defines our policies and processes for securing the information we hold and process. The scope of the certification is described in our certificate which can be found below.

We continuously assess risk and improve the security of our systems and processes in order to maintain the confidentiality, integrity and availability of information. Our security processes include regular security training for all employees, reviews of security policies, and security testing on our systems, including penetration testing and external/third-party assessments.

We ensure the integrity of data by:

  • Regular training and activities to raise awareness of all staff on security and data protection matters
  • Access control policies to limit access to information only to those that need it
  • Encryption of data both in transit and at rest using industry standards
  • Secure handling and disposal of media
  • Physical security at our offices and data centres

We ensure the integrity of data by:

  • Installing and maintaining anti-virus protections on our systems
  • Implementing network security including Firewalls and Intrusion Prevention Systems
  • Running a vulnerability management program to detect and protect against security weaknesses

We protect the availability of information and applications through:

  • YouGov systems and infrastructure architecture is designed for high availability
  • Change management processes to protect against harmful changes
  • Backup policies and processes are in place to prevent data loss
  • Disaster recovery mechanisms are in place to provide continuity and ability to recove

Cyber Essentials Plus

YouGov in the UK has Cyber Essentials Plus certification. Cyber Essentials Plus is a UK Government-backed scheme that provides external assurance of the existence of security to protect against the most common cyber threats.

You can access our certificate here. You can find out more about the scheme and controls assessed at the NCSC website.

Penetration testing and audits

YouGov carries out external assurance audits on an annual basis as part of its ISO27001 certification as well as the Cyber Essentials Plus certification in the UK. These are carried out by accredited third parties.

We carry out security testing on our systems and applications on a regular basis to identify and remediate vulnerabilities. We also work with CREST-accredited third parties whose security specialists carry out penetration testing at least annually to verify the security of our systems and applications.