Information security
At LearnSci, data security is of the utmost importance. Our commitment to data protection and rigorous security measures is demonstrated via ongoing review and maintenance of our information security policies and practices, and compliance with relevant guidelines.
We can also share our expertise in this area with our partners worldwide by supporting you in navigating information security queries that may arise from your institution, and we can usually provide any requested paperwork within a few days.
Data security and GDPR
We have always taken the security of personally identifiable data (PII) very seriously and ensured its handling is consistent and fully compliant with data protection legislation like GDPR (General Data Protection Regulation), the UK’s data protection legislation. Any personal information that we hold is:
- Used lawfully, fairly and only for the specific purpose it was obtained
- Kept securely
- Deleted when no longer required or at the request of the individual
LearnSci staff are provided with regular data protection and information security training to ensure that anyone who processes personal data is aware of their obligations and complies with our policies.
On first accessing any one of our platforms, every user is provided with details of the data we are collecting, how it will be used and retention times via our Privacy Policy.
If you have further questions about our approach to GPDR, our Data Protection Officer can be contacted on support@learnsci.com.
ISO 27001:2022 certification
We achieved ISO 27001:2022 certification, the internationally recognised standard for information security management, in March 2025. Compliance with ISO 27001 confirms our company-wide commitment to security, verified through annual audits by an independent third party. Our current certification is valid until March 2028 - view the certificate here.
LearnSci’s information security management system
We maintain a comprehensive cloud-hosted information security management system (ISMS) that contains our top level information security policy, over 200 policies related to GDPR and ISO 27001, as well as risk registers, incident and threat management tracks, and business continuity plans. All these are regularly reviewed by assigned owners, and key policies must be re-read and acknowledged by all staff on at least an annual basis.
Here you will find some further information about key aspects of our ISMS.
Access control
Access control throughout LearnSci is based on the key principles of ‘deny-by-default’, ‘need-to-know’ and ‘least privilege’, and wherever possible reinforced with hardware-based multi-factor authentication.
Risk register
We operate a risk register where for every risk we have identified, we assess its potential effect on confidentiality, integrity and availability, as well as the likelihood of it occurring. Each risk is protected by at least one linked control to try and reduce its overall impact. Risks are reviewed on a regular basis, depending on their potential impact.
Incident and threat management
Any reported security weaknesses, incidents or events are recorded on a tracker and fully investigated. A similar process takes place for potential threats. Together these tracks enable us to act quickly and maintain our high levels of data protection.
Business continuity and disaster recovery
We have robust processes in place to protect and recover your data and our services in the event of any disruption to normal business, whatever the cause. Our disaster recovery plan is regularly tested by performing a full backup and restore on each of our platforms, meaning you can be confident in our resilience.
If you have any specific questions or need further information, our Chief Information Security Officer can be contacted on support@learnsci.com.