Committed to a culture of continual improvement
Pearson VUE sees the need for change and innovation on a daily basis whilst continuing to deliver a consistently excellent service. Pearson VUE achieves this by adopting a continual improvement approach and the successful implementation of internationally recognised standards and best practice.
At the heart of our organisational culture is the willingness to embrace the ideas of others and welcome reviews on our performance. We recognise that a fresh look can help create debate and discussion, whilst building our business. One way we have achieved this is through the adoption of formal management systems.
We are all aware that management systems such as ISO 9001 are designed and built by industry experts and the best practices are taken from their experience. We take the benefit of this experience and use it to continually review and improve our service delivery.
We believe our commitment to continual improvement places us head and shoulders above other organisations in our sector and we are very proud of our achievements in this respect.
Business continuity (Global)
Certified since 2013 to ISO 22301:2012 - the International Standard for Business Continuity Management
Pearson VUE understands that, for many customers, being able to test as scheduled is critical and that a disruption to testing can have a significant impact on plans for academic or professional advancement. Pearson VUE is therefore committed to ensuring that service delivery can be quickly recovered and continued during a disruptive incident.
Pearson VUE was the first computer based testing organisation to certify to ISO 22301 and the first organisation to be certified to the Standard by SGS in both the UK and Japan. This certification provides customers and stakeholders with the confidence that the continuity of service delivery is taken very seriously and that Pearson VUE has robust plans in place should the unexpected occur.
See Global Business Assurance Boilerplate 03 for more information on Pearson VUE’s Business Continuity Management System.
Customer service (UK)
CCA Global Standard
Certified since 2006 to the Customer Contact Association Global Standard (CCA)
Pearson VUE handles over three million customer contacts per year via a broad range of different media. It is our aim that every single one of these contacts meets the highest standards of professionalism and customer service.
CCA is one of the leading industry bodies on customer contact strategies. Being members of the CCA and achievement of their Global Standard presents us with the opportunity to benchmark both operational and customer service performance over a period of time and against other high performing organisations. This ensures that we consistently achieve the highest possible levels of excellence in customer service.
Certified since 2010 to the UK Government Customer Service Excellence Framework
As a UK Government delivery partner, it is important that Pearson VUE shares the same aims and values in customer service so that customers are provided with a consistent and seamless level of service.
Pearson VUE was one of the first non government organisations in the UK to certify to the CSE Framework. Excellence in customer service is a combination of five factors: customer insight, the culture of the organisation, information and access, delivery and timeliness and quality of service. Certification to CSE provides customers with the knowledge and assurance that Pearson VUE demonstrates best practice in all five of these areas.
Data Privacy (US, UK & Japan)
EU-U.S Privacy Shield Framework
Certified since November 2016 - the EU Directive 95/46/EC on the Protection of Personal Data
Each year Pearson VUE processes personal data for over 10 million test takers globally who expect us to protect this information as if it were our own. This data is stored on Pearson VUE’s servers in the US.
It is widely recognised that EU Data Protection Legislation is amongst the most robust in the world. Pearson VUE has therefore signed up to the EU-U.S. PRIVACY SHIELD FRAMEWORK PRINCIPLES which provides test takers in the EU with the assurance that their data is processed and stored in accordance with the requirements of their stringent local data privacy laws.
Data Protection Act
Registered as a Data Controller with the UK Information Commissioners Office (ICO) since July 2004
The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The ICO is also responsible for regulating compliance with the UK Data Protection Act.
Pearson VUE complies with the requirements of the Data Protection Act as well as other supporting pieces of legislation including the CCTV Code of Practice, the Privacy and Electronic Communications Regulations and the Freedom of Information Act. All requirements are built into Pearson VUE’s formal ISO 27001 Information Security Management System and audited regularly to ensure continued compliance.
Use of PrivacyMark since 2013 – the Japan Industrial Standard (JIS Q 15001) for Privacy Mark
Pearson VUE Japan has been assessed for the PrivacyMark System, which requires appropriate measures to be taken by the organization in order to protect personal information. Pearson VUE Japan has been granted the right to display "PrivacyMark" in the course of its business activities.
The grant of use of PrivacyMark means that Pearson VUE Japan has been objectively evaluated to ensure compliance with relevant laws and regulations, including JIS Q 15001. This is an effective tool that allows Pearson VUE Japan to demonstrate compliance with the law and that the organization has voluntarily established a personal information protection management system with a high level of protection.
Certified since 2009 to ISO 14001 – the International Standard for Environmental Management
Given the environment we live and operate in, it is essential that we minimize any negative effects our operations have on the environment. That’s why Pearson VUE set about achieving certification to ISO 14001.
Our work does not end on achieving the Standard though and we strive to continually reduce our carbon footprint and improve our interaction with the environment.
Financial controls (Global)
PCI DSS Level 1 compliant – the security standard for payment card data security
The PCI Security Standards is a robust and comprehensive standard to enhance payment card data security. It provides a framework of specifications, tools, measurements and support resources that has helped Pearson VUE to ensure the safe handling of cardholder information at every step through the organisation’s corporate security strategy and IT infrastructure.
Pearson VUE processes over 12 million payment card transactions per year. Compliance with PCI DSS means customers can trust us with their sensitive payment card information. By staying compliant Pearson VUE is part of the solution, a united, global response to fighting payment card data compromise.
SOC for Service Organization
Report on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting
These reports are prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, are specifically intended to meet the needs of entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors), in evaluating the effect of the controls at the service organization on the user entities’ financial statements.
Pearson VUE is assessed against Statement on Standards for Attestation Engagements 18 (SSAE18) on an annual basis by a suitably identified audit firm. A SOC 1 Type 2 report is issued on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period. This process results in the identification of opportunities for improvements in many operational areas which promotes Pearson VUE’s culture of continual improvement.
Information Security (1. US, 2. UK, 3. Global)
Compliant with Federal Information Security Management Act (FISMA)
Pearson VUE works with U.S federal government agencies and is compliant with the Federal Information Security Management Act 2002, which is US legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats.
Pearson VUE conducts annual reviews of its information security programme in line with the FISMA framework which is further defined by the National Institute of Standards and Technology (NIST) standard and guidelines. This ensures that Pearson VUE is keeping risks at or below specified acceptable levels in a cost-effective, timely and efficient manner.
Compliant with Her Majesty’s Government Information Assurance Maturity Model (IAMM) and Security Policy Framework (SPF)
As a UK government delivery partner, Pearson VUE is required to comply with the Security Policy Framework and has implemented all the mandatory controls.
Pearson VUE’s commitment to information security best practice is further exemplified by the extension of its ISO 27001 Management System to incorporate the requirements of the government’s Information Assurance Maturity Model and Security Policy Framework.
Certified since 2005 to ISO 27001 - the International Standard for Information Security Management
Information is the lifeblood of any business and no more so than at Pearson VUE where customers entrust important and sensitive information. This ranges from the personal details of over 10 million test takers per year to sensitive proprietary data and intellectual property such as exam content.
Certification to ISO 27001 shows Pearson VUE’s customers that this responsibility is taken very seriously and that the mechanisms are in place to protect the confidentiality, integrity and availability of such information.
Certified since 2005 to ISO 9001 - the International Standard for Quality Management
Pearson VUE recognises that the success of its business is entirely dependent on delivering services and products that consistently meet and exceed customer requirements, whilst remaining competitive and innovative.
Certification to ISO 9001 provides Pearson VUE’s customers with the assurance that their needs are at the centre of the organisation’s business processes and that their feedback will be sought in order to continually improve service delivery.
Exam Development & Delivery (1 & 2. Global, 3. UK)
Compliant with ISO 17024, the International Standard for Conformity Assessment – General Requirements for Bodies Operating Certification of Persons
Developments in technology have meant that there is an increasingly mobile and global workforce. Certification of employee competency now needs to include industry recognised qualifications that translate across international borders.
ISO 17024 outlines the best practice in developing employee certification programmes, such as those delivered by many of Pearson VUE’s customers. The best practice within ISO 17024 is aimed at ensuring that such programmes operate in a consistent, comparable and reliable manner globally.
By achieving compliance with ISO 17024, Pearson VUE can demonstrate to users that integrity, validity and reliability are central to the development of its tests.
Compliant with ISO 23988, the International Code of Practice for the Use of Information Technology (IT) in the Delivery of Assessments
Developments in IT have led to it becoming the primary mechanism for delivering, scoring and recording test and assessment responses. IT delivery offers a number of benefits including greater speed and efficiency, better feedback and improvements in validity and reliability. However, its increased use has raised issues surrounding the security and fairness of IT-delivered assessments, as well as resulting in a wide range of different practices.
By achieving compliance with ISO 23988, Pearson VUE can demonstrate to users that it adopts best practice in this field and users can be reassured and confident that its approach totally addresses any security and fairness concerns.
Compliant with the Office of Qualifications and Examinations Regulation (Ofqual) Conditions of Recognition
Ofqual is a UK government body tasked with regulating the delivery of qualification, training and testing programmes. Many of Pearson VUE’s customers are subject to Ofqual regulation and are required to comply with the Ofqual Conditions of Recognition.
Whilst Pearson VUE is not currently regulated by Ofqual, as a trusted test delivery partner it is important that it support its customers by adopting the same practices and standards where possible. This not only helps Pearson VUE to adopt industry recognised best practice but also helps its customers in achieving and maintaining their compliance to Ofqual requirements.
Internal Audit (Global)
Compliant with ISO 19011, the International Standard that sets guidelines for managing systems auditing
Pearson VUE is committed to establishing and maintaining a culture and ethos of continual improvement across all global locations. As Pearson VUE grows and develop its business it is important that methods and processes are established that help the organisation to gain the assurance and confidence that its business is operating properly and effectively and to identify potential opportunities for improvement. One way of achieving this is through the independent and objective internal audit of Pearson VUE’s working practices.
Pearson VUE has an extensive and robust global internal audit process established against the requirements outlined in ISO 19011.
Risk Management (Global)
Compliant with the requirements of ISO 31000 – the International Standard for Risk Management
Risk is not necessarily a bad thing, along with risk comes opportunity and reward. Having a well embedded and effective risk management framework allows Pearson VUE to assess the uncertainty of the future to make the best possible decision today.
Pearson VUE’s risk management framework is built on the principles of ISO 31000 with the purpose of not eliminating risk but understanding it so that the organisation can take advantage of the opportunities it affords, and minimise the adverse impacts.
Our formally certified management systems are subject to rigorous internal audit and are externally audited at least once annually with a full strategic review every three years. This auditing regime keeps us on our toes and is welcomed by our staff to support the continual improvement ethos.
For Pearson VUE these certifications are a reminder and recognition of the hard work and commitment from our staff to deliver on customer service excellence, operational excellence and best practice.
Updated 16 October 2019