Overview
This article is intended to provide an overview of the information security related aspects of the Aperian® Learning Platform (Aperian) which includes GlobeSmart Guides, the GlobeSmart Profile, Learning Modules, and Inclusive Behaviors Inventory (IBI).
The website can be found at https://app.aperian.com.
Personal Information (PI) Collected by Aperian
This website collects minimal personal information (PI), not generally considered as sensitive. No financial, health-related (HIPAA) information or GDPR special categories are collected.
For a complete list of PI collected, see question number 3 below.
Please review Aperian's GDPR statement, Terms of Use, and Privacy Policy which provide detailed information about the nature of information collected and its use.
Aperian Summary
Aperian is an online learning platform that helps individuals explore business topics related to over 100 cultures, so that they can work more effectively with people from different cultures. The GlobeSmart Profile is a cultural inventory that helps individuals discover their preferred work style. It is not meant to be a predictor of success or a tool to select any individual for a role or an assignment.
Learning Modules are linear, self-paced courses where users can learn about improving global collaboration, promoting diversity and inclusion, or developing a global mindset.
IBI includes survey interactions that result in scores and individual feedback reports on inclusivity, teamwork, and leadership.
Aperian is licensed by over 170 global organizations (10% of Global Fortune 100 companies) and leveraged in our work with more than 30% of the Global Fortune 100, spread across industries and geographies. Many of our clients have stringent information security policies and have approved Aperian for use in their organizations.
Frequently Asked Questions
Below are Frequently Asked Questions related to information security of the Aperian Learning Platform (Aperian). Should you have any specific questions, please contact your Aperian Account Manager or Client Success Manager.
1. What are the minimum browser and system requirements for the Aperian Learning Platform?
Users need to register at http://app.aperian.com and then continue to access the platform at that link by logging in to their individual user accounts, which are linked to the corporate account.
To access the link, the users’ computers need to be able to access the internet.
- Internet Speed/Bandwidth requirement of 768 kbps
- Pop-Up blockers should be disabled.
- Processor: Pentium 3 or better
- Minimum 256 MB RAM
- Browser: The latest versions of internet browsers are supported, including Google Chrome, Safari, Mozilla Firefox, and Microsoft Edge
- If not using a single sign-on (SSO) solution, users need a valid email address
2. Security and Location of Services
Service is primarily provided from the Aperian office in Raleigh, North Carolina, USA. Colleagues in our Oakland, California, USA, and our Bangalore, India office also provide service.
Infrastructure Security
Aperian's applications are hosted on state-of-the-art, high-security data centers located in the USA as follows:
- The Aperian platform (https://app.aperian.com) on Amazon Web Services (AWS)
These cloud providers' security information can be viewed here:
- Amazon Compliance [attachment]
Application Subprocessor List
Aperian Subprocessors and Subsidiaries
Application Platform Components
- Linux
- Apache
- PHP
- MySQL
- JavaScript
- Node.js
- React
- Drupal
3. What personal information is gathered by the Aperian Platform?
Aperian requires the following personal information to create and register an account:
- Email address
- First and Last name
- IP address - this data is collected by the user's browser and Aperian does not store it
Aperian users may respond to demographic questions to include their home culture and job type in their Aperian Account Settings. Demographic questions are optional and each drop-down menu includes an “I choose not to respond” option.
Additional information collected is described in the Privacy Policy (section titled "Information Collected and its Use").
4. Who has access to users' personal information?
Aperian software developers have access to the database of user data for the purpose of site development, operation, maintenance, and troubleshooting issues. Aperian Technical Support Agents and Product Development team members have limited access to user records in order to provide customer support.
5. Data Protection
The following common questions relate to Aperian's data protection policies and practices:
- How do you protect employees' email addresses and other employee data on your servers?
  - Aperian's networks and servers are protected by firewalls, load balancers, antivirus, and other industry-standard best practices for data security.
  - As users access the system, individuals select their own password at registration. The encrypted passwords are saved in the encrypted databases. Access is granted by email and password unless the Single Sign On (SSO using SAML) option has been enabled.
- How do you protect employees' email addresses and other employee data during transmission and at rest?
  - All server connections are over HTTPS/TLS (SHA256withRSA). Our website receives an A+ security rating from SSL Labs, which you can view here: https://www.ssllabs.com/ssltest/analyze.html?d=app.aperian.com
  - Databases and backups are encrypted via AWS RDS/AES-256 encryption.
- Are logins to the application being recorded in a log (connection data)?
  - Yes
- Please comment on the deletion of data, in case of termination or expiration of the agreement.
  - According to our Privacy Policy, “Aperian will delete all client and associated User information 6 months after the last end date of client's subscription.”
  - By retaining data for the 6-month grace period, we allow a client to re-establish a relationship with us and not lose their historical data and their users' accounts and GlobeSmart Profiles. When clients decide to switch to a block license format (from enterprise), the 6-month grace period also ensures that employees now using Aperian in the block license format will not lose their historical data.
  - If the client wishes to renew the account after 6 months' time, they will be treated as a new company (since no data will exist in our system).
  - We can delete client and associated users' information sooner upon written request by the client.
  - Please check the Privacy Policy for the most recent information.
- What ports does Aperian use?
  - Port 443 (TLS)
6. What are the application's password requirements?
The application's password requirements are: passwords must have a minimum of ten (10) characters; utilize lowercase (a-z), uppercase (A-Z), numbers (0-9) and special characters (!@#$%^&*); and contain no more than 2 identical characters in a row. Additionally, users are not allowed to re-use any of their last 5 passwords. Accounts are locked after 5 unsuccessful login attempts.
Sessions time out after 30 minutes of idle time and the user must log in again to begin a new session.
7. General Legal inquiries
- Please explain the goal of the “terms of use”. From our perspective, the binding terms and conditions will be included only in the contract between Aperian and an organization.
  - Yes, the terms and conditions negotiated in the agreement between Aperian and an organization are binding. The online Terms of Use are there to supplement the ones in our agreement and to educate the end user about their rights and responsibilities regarding the specific use and functions of the web tool.
- Please provide further information with respect to the following sentence in the terms of use: “By registering and accessing or using the Site and Software, you consent to the use of cookies and the transfer and processing of your personal information in the United States by us or our service providers and you agree to the use of your personal information and email address to contact you regarding the use of the Site and the Software, and their features and services.” Please explain to which entities Aperian intends to transfer the information.
  - As a matter of policy, AG never sells or shares personal user data with third parties. That said, we do contract with a data storage service for the secure storage and maintenance of our servers. Hence, they technically have access to our data, although they are under strict contractual obligations not to access, use, or sell any of it. As for the use of cookies, we do track user activity on the site for the sole purpose of enabling users to find the results of their activity on the site upon their return. Thus, for each individual user, we track information such as whether they have taken a certain quiz and, if so, their latest score; their GlobeSmart Profile; etc. Aperian will never share any personal information of users, nor any data gathered from cookies, with any third parties, and such information is used and handled only for the purpose for which it was received. Our Privacy Policy is quite definite about this.
  - In addition to careful hiring, we conduct criminal background checks on all employees with access to client data, including access to the backend of Aperian and related systems.
8. Security Breaches and Notifications
- Does Aperian have a defined communication plan for any outages, data loss, and/or other unplanned event or outage?
  - We do have a communication plan and also handle these situations on a case-by-case basis.
- Does Aperian run data back-ups?
  - Data backups are as follows: daily incremental, weekly full, and database transactions hourly. Backups are stored on-site for 30 days.