Information Security Program
Last updated: February 10, 2022
- Confidentiality, Certified
- Security is Paramount
- Commitment to your privacy
- A Multi-Faceted Security Program
- Governance, Compliance and Education
For 40 years, leaders from across industries and sectors have placed their trust in Angus Reid to provide reliable research that provides guidance and informs decisions. With that trust comes the assurance that their information is secure with us.
Angus Reid is now pleased to announce that it is ISO/IEC 27001:2013 and HIPAA/HITECH certified. These security management standards uphold a set of best practices and controls that reinforce our commitment to data security and client confidentiality.
Security is Paramount
As a full-scale research operation, we’re deeply invested in the quality of our resources. Within that, security is a priority. Understandably, to openly share opinions, our participating panel members expect an unparalleled level of discretion, whatever the issues may be. Maintaining that framework of trust is inherent to who we are.
We uphold those same rigorous standards with our clients as well. Concerning issues of gathering intelligence, gleaning insights, and developing strategy, protection of privacy is essential. Our corporate environment is fully hosted with Office 365 products and protected by the security framework managed by Microsoft. The technology platform providers used for survey data management are also ISO/IEC 27001:2013 certified and we verify their posture periodically.
To reinforce those standards, there is ongoing collaboration between our security and operational teams internally, as well as with our external partners, to bolster continued security and compliance.
Commitment to your privacy
At Angus Reid, we actively protect the confidentiality and data of those who interact with our platform.
We have the technical controls and formalized IT security policies, procedures, and countermeasures in place to protect our platform from unauthorized access or compromise. Our staff undergo security awareness training regularly to ensure secure data handling. Our research and operations teams are encouraged to apply privacy by design principles during survey design, such as transparency during data collection and data minimization.
A Multi-Faceted Security Program
Our security and compliance program is comprised of several active and ongoing measures that enable data protection. This includes:
- ISO/IEC 27001:2013 certified
- HIPAA/HITECH compliance
- Local market data hosting
- Controls in place to meet the GDPR, CCPA, and COPPA requirements
- Formal third-party review program with agreements in place to cover privacy and security.
- Incident response processes are tested annually with established breach notification procedures
Governance, Compliance and Education
Beyond the elevated certification and compliance standards, our security governance measures include:
- A comprehensive information security policy
- Annual penetration testing
- Change management and incident response processes
- Encryption of sensitive data at rest and in transit by employing powerful cryptographic algorithms
Our regional compliance procedures include:
- Local market data hosting
- GDPR best practices to meet international privacy requirements
- Data Privacy Champions across the organization
- As well, staff undergo security awareness training to emphasize its importance company-wide.
To what regulatory requirements do you adhere?
We meet the GDPR, CCPA, and COPPA standards.
What is your level of security governance?
As an ISO27001 and HIPAA certified organization, Angus Reid maintains an industry-recognized level of security governance.
The Director of Security and Compliance is responsible for the program and reports to the CFO to maintain an appropriate level of executive oversight and independence from the operational and engineering departments. As part of our security program, we maintain a defined information security framework that outlines our policies and procedures, a developed Business Continuity Plan, and Incident Response processes. We also conduct Security Awareness Training and Initiatives continuously, and perform both web application and comprehensive penetration tests.
Who owns the data?
As a data controller, Angus Reid collects and processes data on behalf of its clients. Our surveys are designed to collect only the data necessary for the purpose of the particular survey in question. We use this data for research purposes only, and it will be reported on in aggregate.
Who has access to client data?
Access to customer data is based on the particular employee’s role and business need. All access to data is ticketed and approved by management.
Where is the data stored?
Angus Reid provides local market data hosting.
How is the security of data transmission ensured?
All data is encrypted at rest and in transit using cryptographic algorithms, as mandated by Microsoft’s 365 product.