Our approach to security
The protection and security of the client and panel data we hold and process is fundamental to our business and a top priority. As a global data and analytics business, our clients, panel members and suppliers can equally find reassurance in our adherence to the ISO27001 standard for Information Security, as the ISO 27001 standard is known and respected worldwide.
YouGov has established, implemented and continues to maintain an Information Security Management System that is certified to ISO27001:2013. The system defines our policies and processes for securing the information we hold and process. The scope of the certification is described in our certificate which can be found below.
We continuously assess risk and improve the security of our systems and processes in order to maintain the confidentiality, integrity and availability of information. Our security processes include the provision of regular security training to all employees, reviews of security policies and security testing on our systems including penetration testing and external/third-party assessments.
Cyber Essentials Plus
YouGov in the UK has Cyber Essentials Plus certification. Cyber Essentials Plus is a UK Government backed scheme that provides external assurance of the existence of security to protect against the most common cyber threats.
Penetration testing and audits
YouGov carries out external assurance audits on an annual basis as part of its ISO27001 certification as well as the Cyber Essentials Plus certification in the UK. These are carried out by accredited third parties.
We carry out security testing on our systems and applications on a regular basis to identify and remediate vulnerabilities. We also work with CREST accredited third-parties who have security specialists that carry out penetration testing on an at-least annual basis to verify the security of our systems and applications.