This article is intended to provide an overview of the information security related aspects of the Aperian Global GlobeSmart® Learning Platform (GlobeSmart) which includes GlobeSmart Culture Guides, the GlobeSmart Profile, Learning Modules, and Assessments.
The website can be found at https://globesmart.aperianglobal.com.
Personal Information (PI) Collected by Aperian Global
This website collects minimal personal information (PI), not generally considered as sensitive. No financial, health-related (HIPAA) information or GDPR special categories are collected.
For a complete list of PI collected, see question number 3 below.
GlobeSmart is an online learning platform that helps individuals explore business topics related to over 100 cultures, so that they can work more effectively with people from different cultures. The GlobeSmart Profile is a cultural inventory that helps individuals discover their preferred work style. It is not meant to be a predictor of success or a tool to select any individual for a role or an assignment.
GlobeSmart Learning Modules are linear, self-paced courses where users can learn about improving global collaboration, promoting diversity and inclusion, or developing a global mindset.
Assessments include survey interactions that result in scores and individual feedback reports on inclusivity, teamwork, and leadership.
GlobeSmart is licensed by over 170 global organizations (10% of Global Fortune 100 companies) and leveraged in our work with more than 30% of the Global Fortune 100, spread across industries and geographies. Many of our clients have stringent information security policies and have approved GlobeSmart for use in their organizations.
Frequently Asked Questions
Below are Frequently Asked Questions related to information security of the GlobeSmart Learning Platform (GlobeSmart). Should you have any specific questions, please contact your Aperian Global Account Manager or GlobeSmart Engagement Manager.
1. What are the minimum browser and system requirements for the GlobeSmart Learning Platform?
Users would need to register on http://globesmart.aperianglobal.com and continue to access this link by logging into their individual user accounts that are linked to the corporate account.
To access the link, the users’ computers need to be able to access the internet.
- Internet Speed/Bandwidth requirement of 768 kbps
- Pop-Up blockers should be disabled.
- Processor: Pentium 3 or better
- Minimum 256mb RAM
- Browser: The latest versions of internet browsers are supported, including Google Chrome, Safari, Mozilla Firefox, and Microsoft Edge
- If not using a single-sign on solution (SSO), users need a valid email address
2. Security and Location of Services
Service is primarily provided from the Aperian Global office in Raleigh, North Carolina, USA. Colleagues in our Oakland, California, USA, and our Bangalore, India office also provide service.
Aperian Global’s applications are hosted on state-of-the-art, high-security data centers located in the USA as follows:
- GlobeSmart Learning Portal (https://globesmart.aperianglobal.com) on Amazon Web Services (AWS)
These cloud providers security information can be viewed here:
Application Subprocessor List
GlobeSmart Subprocessors and Subsidiaries
Application Platform Components
3. What personal information is gathered by the GlobeSmart Learning Platform?
GlobeSmart requires the following personal information to create and register an account:
- Email address
- First and Last name
- IP address - this data is collected automatically
GlobeSmart users may respond to demographic questions to include their home culture and job type in their GlobeSmart Account Settings. Demographic questions are optional and each drop-down menu includes an “I choose not to respond” option.
4. Who has access to users' personal information?
Aperian Global software developers have access to the database of user data for the purpose of site development, operation, maintenance, and troubleshooting issues. Aperian Global Technical Support Agents and Product Development team members have limited access to user records in order to provide customer support.
5. Data Protection
The following common questions relate to Aperian Global's data protection policies and practices:
- How do you protect employees email addresses and other employee data on your servers?
- Aperian Global’s networks and servers are protected by firewalls, load-balancers, antivirus, and other industry standard best practices for data security.
- As users access the system, individuals select their own password at registration. The encrypted passwords are saved in the encrypted databases. Access is granted by email and password unless the Single Sign On (SSO using SAML) option has been enabled.
- How do you protect employees email addresses and other employee data during transmission and at rest?
- All server connections are over HTTPS/TLS (SHA256withRSA). Our web site receives an A+ security rating from SSLLabs, which you can view here: https://www.ssllabs.com/ssltest/analyze.html?d=globesmart.aperianglobal.com
- Databases and backups are encrypted via AWS RDS/AES-256 encryption.
- Are logins to the application being recorded in a log (connection data)?
- Please comment on the deletion of data, in case of termination or expiration of the agreement.
- By retaining data for the 6 month grace period, we allow a client to re-establish a relationship with us and not lose their historical data and their user's accounts and GlobeSmart Profiles. When clients decide to switch to a block license format (from enterprise), the 6 month grace period also ensures that employees now using GlobeSmart in the block license format will not lose their historical data.
- If the client wishes to renew the account after 6 months time, they will be treated as a new company (since no data will exist in our system).
- We can delete client and associated users information sooner upon written request by client.
- What ports does GlobeSmart use?
- Port 443 (TLS)
6. What are the application's password requirements?
The application's password requirements are: passwords must have a minimum ten (10) characters; utilize lowercase (a-z), upper case (A-Z), numbers (0-9) and special characters (!@#$%^&*); and contain no more than 2 identical characters in a row. Additionally, users are not allowed to re-use any of their last 5 passwords. Accounts are locked after 10 unsuccessful login attempts.
Sessions timeout after 30 minutes of idle time and the user must login again to begin a new session.
7. General Legal inquiries
- In addition to careful hiring, we conduct criminal background checks on all employees with access to client data including access to the backend of GlobeSmart and related systems.
8. Security Breaches and Notifications
- Does Aperian Global have a defined communication plan for any outages, data loss, and/or other unplanned event or outage?
- We do have a communication plan and also handle these situations on a case-by-case basis.
- Does Aperian Global run data back-ups?
- Data backups are as follows: daily incremental, weekly full. Database transactions hourly. Backups are stored on-site for 30 days.