Overview

This article is intended to provide an overview of the information security related aspects of the Aperian Global GlobeSmart® Learning Platform (GlobeSmart) which includes GlobeSmart Culture Guides, the GlobeSmart Profile, Learning Modules, and Assessments.

The website can be found at https://globesmart.aperianglobal.com.

Personal Information (PI) Collected by Aperian Global

This website collects minimal personal information (PI), not generally considered as sensitive. No financial, health-related (HIPAA) information or GDPR special categories are collected.

For a complete list of PI collected, see question number 3 below.

Please review Aperian Global’s GDPR statement, Terms of Use, and Privacy Policy which provide detailed information about the nature of information collected and its use.

GlobeSmart Summary

GlobeSmart is an online learning platform that helps individuals explore business topics related to over 95 cultures, so that they can work more effectively with people from different cultures. The GlobeSmart Profile is a cultural inventory that helps individuals discover their preferred work style. It is not meant to be a predictor of success or a tool to select any individual for a role or an assignment.

GlobeSmart Learning Modules are linear, self-paced courses where users can learn about improving global collaboration, promoting diversity and inclusion, or developing a global mindset.

Assessments include survey interactions that result in scores and individual feedback reports on teamwork, leadership, cultural knowledge, and inclusion.

GlobeSmart is licensed by over 170 global organizations (10% of Global Fortune 100 companies) and leveraged in our work with more than 30% of the Global Fortune 100, spread across industries and geographies. Many of our clients have stringent information security policies and have approved GlobeSmart for use in their organizations.

Frequently Asked Questions

Below are Frequently Asked Questions related to information security of the GlobeSmart Learning Platform (GlobeSmart). Should you have any specific questions, please contact your Aperian Global Account Manager or GlobeSmart Engagement Manager.

1. What are the minimum browser and system requirements for the GlobeSmart Learning Platform?

Users would need to register on http://globesmart.aperianglobal.com and continue to access this link by logging into their individual user accounts that are linked to the corporate account.

To access the link, the users’ computers need to be able to access the internet.

  • Internet Speed/Bandwidth requirement of 768 kbps
  • Pop-Up blockers should be disabled.
  • Processor: Pentium 3 or better
  • Minimum 256mb RAM
  • Browser: The latest versions of internet browsers are supported, including Google Chrome, Safari, Mozilla Firefox, and Microsoft Edge
  • If not using a single-sign on solution (SSO), users need a valid email address

2. Security and Location of Services

Service is primarily provided from the Aperian Global office in Raleigh, North Carolina, U.S. Colleagues in our Oakland, California, U.S. and our Bangalore, India office also provide service.

Infrastructure Security

Aperian Global’s applications are hosted on state-of-the-art, high-security data centers located in the U.S. as follows:

  • GlobeSmart Learning Portal (https://globesmart.aperianglobal.com) on Amazon Web Services (AWS)
  • Aperian Global Learning Portal (https://learning.aperianglobal.com) on Google Cloud Platform (GCP)

These cloud providers security information can be viewed here:

Application Subprocessor List

GlobeSmart Subprocessors and Subsidiaries

Application Platform Components

  • Linux
  • Apache
  • PHP
  • MySQL
  • Javascript
  • Node.js
  • React
  • Drupal

3. What personal information is gathered by the GlobeSmart Learning Platform?

GlobeSmart requires the following personal information to create and register an account:

  • Email address
  • First and Last name
  • IP address - this data is collected automatically

GlobeSmart users may respond to demographic questions to include their home culture and job type in their GlobeSmart Account Settings. Demographic questions are optional and each drop-down menu includes an “I choose not to respond” option.

Additional information collected is described in the Privacy Policy (section titled "Information Collected and its Use").

4. Who has access to users' personal information?

Aperian Global software developers have access to the database of user data for the purpose of site development, operation, maintenance, and troubleshooting issues. Aperian Global Technical Support Agents and Product Development team members have limited access to user records in order to provide customer support.

5. Data Protection

  1. How do you protect employees email addresses and other employee data on your servers?
    1. Aperian Global’s networks and servers are protected by firewalls, load-balancers, antivirus, and other industry standard best practices for data security.
    2. As users access the system, individuals select their own password at registration. The encrypted passwords are saved in the encrypted databases. Access is granted by email and password unless the Single Sign On (SAML) option has been enabled.
  2. How do you protect employees email addresses and other employee data during transmission and at rest?
    1. All server connections are over HTTPS/TLS (SHA256withRSA). Our web site receives an A+ security rating from SSLLabs, which you can view here: https://www.ssllabs.com/ssltest/analyze.html?d=globesmart.aperianglobal.com
    2. Databases and backups are encrypted via AWS RDS/AES-256 encryption.
  3. Are logins to the application being recorded in a log (connection data)?
    1. Yes
  4. Please comment on the deletion of data, in case of termination or expiration of the agreement.
    1. According to our Privacy Policy, “Aperian Global will delete all client and associated User information 6 months after the last end date of client's subscription.”
    2. If the client wishes to renew the account after 6 months time, they will be treated as a new company (since no data will exist in our system).
    3. We can delete client and associated users information sooner upon written request by client.
    4. Please check the Privacy Policy for the most recent information.
  5. What ports does GlobeSmart use?
    1. Port 443 (TLS)

6. What are the application's password requirements?

The application's password requirements are: passwords must have a minimum ten (10) characters; utilize lowercase (a-z), upper case (A-Z), numbers (0-9) and special characters (!@#$%^&*); and contain no more than 2 identical characters in a row. Additionally, users are not allowed to re-use any of their last 5 passwords. Accounts are locked after 10 unsuccessful login attempts.

Sessions timeout after 30 minutes of idle time and the user must login again to begin a new session.

7. General Legal inquiries

  1. Please explain the goal of the “terms of use”. From our perspective, the bonding terms and conditions will be included only in the contract between Aperian Global and an organization.
    1. Yes, the terms and conditions negotiated in the agreement between Aperian Global and an organization are binding. The online Terms of Use are there to supplement the ones in our agreement and to educate the end user of their rights and responsibilities regarding the specific use and functions of the web tool.
  2. Please provide further information with respect to the following sentence in the terms of use: “By registering and accessing or using the Site and Software, you consent to the use of cookies and the transfer and processing of your personal information in the United States by us or our service providers and you agree to the use of your personal information and email address to contact you regarding the use of the Site and the Software, and their features and services.” Please explain to which entities GlobeSmart intends to transfer the information. 
    1. As a matter of policy, AG never sells or shares personal user data with third parties. That said, we do contract with a data storage service for the secure storage and maintenance of our servers. Hence, they technically have access to our data although they are under strict contractual obligations not to access, use, or sell any of it. As for the use of cookies, we do track user activity on the site for the sole purpose of enabling users to find the results of their activity on the site upon their return. Thus we track for each individual user's information such as: whether they have taken a certain quiz, and if so, their latest score; their GlobeSmart Profile, etc. AG will never share any personal information of users, nor any data gathered from cookies with any third parties, and used and handled only for the purpose for which it was received. Our Privacy Policy is quite definite about this.
    2. In addition to careful hiring, we conduct criminal background checks on all employees with access to client data including access to the backend of GlobeSmart and related systems.

8. Security Breaches and Notifications

  1. Does Aperian Global have a defined communication plan for any outages, data loss, and/or other unplanned event or outage?
    1. We do have a communication plan and also handle these situations on a case-by-case basis.
  2. Does Aperian Global run data back-ups?
    1. Data backups are as follows: daily incremental, weekly full. Database transactions hourly. Backups are stored on-site for 30 days.
Was this article helpful?
3 out of 3 found this helpful