This article provides an overview of the information-security-related aspects of the Aperian® Learning Platform (Aperian), which includes GlobeSmart Guides, the GlobeSmart Profile, Learning Modules, and the Inclusive Behaviors Inventory (IBI).
The website can be found at https://app.aperian.com.
Personal Information (PI) Collected by Aperian
This website collects minimal personal information (PI), none of which is generally considered sensitive. No financial information, health-related (HIPAA) information, or GDPR special categories are collected.
For a complete list of PI collected, see question number 3 below.
Aperian is an online learning platform that helps individuals explore business topics related to over 100 cultures, so that they can work more effectively with people from different cultures. The GlobeSmart Profile is a cultural inventory that helps individuals discover their preferred work style. It is not meant to be a predictor of success or a tool to select any individual for a role or an assignment.
Learning Modules are linear, self-paced courses where users can learn about improving global collaboration, promoting diversity and inclusion, or developing a global mindset.
IBI includes survey interactions that result in scores and individual feedback reports on inclusivity, teamwork, and leadership.
Aperian is licensed by over 170 global organizations (10% of Global Fortune 100 companies) and leveraged in our work with more than 30% of the Global Fortune 100, spread across industries and geographies. Many of our clients have stringent information security policies and have approved Aperian for use in their organizations.
Frequently Asked Questions
Below are Frequently Asked Questions related to information security of the Aperian Learning Platform (Aperian). Should you have any specific questions, please contact your Aperian Account Manager or Client Success Manager.
1. What are the minimum browser and system requirements for the Aperian Learning Platform?
Users need to register at http://app.aperian.com and then continue to access the site by logging in to their individual user accounts, which are linked to the corporate account.
To access the link, the users’ computers need to be able to access the internet.
- Internet Speed/Bandwidth requirement of 768 kbps
- Pop-Up blockers should be disabled.
- Processor: Pentium 3 or better
- Minimum 256 MB RAM
- Browser: The latest versions of internet browsers are supported, including Google Chrome, Safari, Mozilla Firefox, and Microsoft Edge
- If not using a single sign-on (SSO) solution, users need a valid email address
2. Security and Location of Services
Service is primarily provided from the Aperian office in Raleigh, North Carolina, USA. Colleagues in our Oakland, California, USA, and Bangalore, India, offices also provide service.
Aperian's applications are hosted on state-of-the-art, high-security data centers located in the USA as follows:
- The Aperian platform (https://globesmart.aperianglobal.com) [new URL] on Amazon Web Services (AWS)
These cloud providers' security information can be viewed here:
- Amazon Compliance [attachment]
Application Subprocessor List
Application Platform Components
3. What personal information is gathered by the Aperian Platform?
Aperian requires the following personal information to create and register an account:
- Email address
- First and Last name
- IP address - this data is collected automatically
Aperian users may respond to demographic questions to include their home culture and job type in their Aperian Account Settings. Demographic questions are optional and each drop-down menu includes an “I choose not to respond” option.
4. Who has access to users' personal information?
Aperian software developers have access to the database of user data for the purpose of site development, operation, maintenance, and troubleshooting issues. Aperian Technical Support Agents and Product Development team members have limited access to user records in order to provide customer support.
5. Data Protection
The following common questions relate to Aperian's data protection policies and practices:
- How do you protect employees' email addresses and other employee data on your servers?
  - Aperian's networks and servers are protected by firewalls, load balancers, antivirus, and other industry-standard best practices for data security.
  - Individuals select their own password at registration. The encrypted passwords are saved in the encrypted databases. Access is granted by email and password unless the Single Sign-On (SSO using SAML) option has been enabled.
- How do you protect employees' email addresses and other employee data during transmission and at rest?
  - All server connections are over HTTPS/TLS (SHA256withRSA). Our website receives an A+ security rating from SSLLabs, which you can view here: https://www.ssllabs.com/ssltest/analyze.html?d=globesmart.aperianglobal.com
  - Databases and backups are encrypted via AWS RDS/AES-256 encryption.
- Are logins to the application being recorded in a log (connection data)?
- Please comment on the deletion of data, in case of termination or expiration of the agreement.
  - By retaining data for the 6-month grace period, we allow a client to re-establish a relationship with us and not lose their historical data and their users' accounts and GlobeSmart Profiles. When clients decide to switch to a block license format (from enterprise), the 6-month grace period also ensures that employees now using Aperian in the block license format will not lose their historical data.
  - If the client wishes to renew the account after 6 months, they will be treated as a new company (since no data will exist in our system).
  - We can delete client and associated users' information sooner upon written request by the client.
- What ports does Aperian use?
  - Port 443 (TLS)
6. What are the application's password requirements?
The application's password requirements are: passwords must have a minimum of ten (10) characters; use lowercase (a-z), uppercase (A-Z), numbers (0-9) and special characters (!@#$%^&*); and contain no more than 2 identical characters in a row. Additionally, users are not allowed to re-use any of their last 5 passwords. Accounts are locked after 10 unsuccessful login attempts.
Sessions time out after 30 minutes of idle time and the user must log in again to begin a new session.
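For teams that want to test their own password handling against the composition and reuse rules listed above, the following is an added Python example, not Aperian's code. It assumes that at least one character from each class is required and that password history is kept as salted PBKDF2 digests; the function names, work factor and storage format are illustrative.

```python
import hashlib
import hmac
import os
import re

MIN_LENGTH = 10            # "minimum of ten (10) characters"
SPECIALS = "!@#$%^&*"      # special characters listed in the policy
HISTORY_DEPTH = 5          # "last 5 passwords"
PBKDF2_ROUNDS = 100_000    # assumption: example work factor, not from the page


def policy_violations(password):
    """Return the composition rules the candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("fewer than 10 characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not any(ch in SPECIALS for ch in password):
        problems.append("no special character")
    if re.search(r"(.)\1\1", password, re.DOTALL):
        problems.append("more than 2 identical characters in a row")
    return problems


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def is_reused(password, history):
    """history holds (salt, digest) pairs, newest last; plaintext is never kept."""
    matches = [hmac.compare_digest(_digest(password, salt), digest)
               for salt, digest in history[-HISTORY_DEPTH:]]
    return any(matches)


def change_password(password, history):
    """Apply composition and reuse rules; on success, record the new digest."""
    problems = policy_violations(password)
    if not problems and is_reused(password, history):
        problems.append("matches one of the last 5 passwords")
    if problems:
        return False, problems
    salt = os.urandom(16)
    history.append((salt, _digest(password, salt)))
    del history[:-HISTORY_DEPTH]   # keep only the 5 most recent entries
    return True, []
```

The account lockout after 10 unsuccessful login attempts and the 30-minute idle timeout are enforced at login and session level and are outside this check.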
7. General Legal inquiries
- In addition to careful hiring, we conduct criminal background checks on all employees with access to client data including access to the backend of Aperian and related systems.
8. Security Breaches and Notifications
- Does Aperian have a defined communication plan for any outages, data loss, and/or other unplanned event or outage?
- We do have a communication plan and also handle these situations on a case-by-case basis.
- Does Aperian run data back-ups?
- Data backups are as follows: daily incremental, weekly full. Database transactions hourly. Backups are stored on-site for 30 days.