- Regular security updates: Every week Pearson is updated with the latest enhancements, bug fixes, and security improvements. To avoid disrupting customers, all updates from external services are tested by software and humans before rolling out.
- Secure data access: Our API provides secure access to Pearson data over TLS.
- Authentication: We support external identity providers (IdPs) for single sign-on (SSO) with CAS and SAML, so users can sign in to one application and be automatically logged in to Pearson without needing to re-enter credentials. This feature can help eliminate the need for teachers and students to have multiple credential sets.
- Physical security: Pearson uses Amazon Web Services (AWS) and Microsoft Azure infrastructure. Our cloud providers give us a global infrastructure of hardware, software, networking, and facilities, and is designed and managed around a variety of best practices and global security standards. Azure and AWS participates in various assurance programs, including FERPA, and is regularly independently audited (see https://aws.amazon.com/
compliance and https://www.microsoft.com/en- us/trustcenter/compliance/ default.aspxfor full details).
- Protocol and session security: We use HTTPS for all communication and encrypt all inbound and outbound traffic using 2048-bit TLS.
- Backup and recovery: Pearson data is backed up every day. In the case of a disaster, data can be recovered from these backups. Backups are regularly tested.