Terms of Business for OPPassessment

These are the Terms of Business for OPPassessment of The Myers-Briggs Company Limited, a company registered in England and Wales (registered number 2218212) whose registered offices are at Elsfield Hall, 15-17 Elsfield Way, Oxford OX2 8EP, UK (The Myers-Briggs Company) and cover the European branch offices of The Myers-Briggs Company Limited (including The Myers-Briggs Company - France, The Myers-Briggs Company - Netherlands and The Myers-Briggs Company - Germany). These Terms govern the use of OPPassessment and any associated services.  When we refer to “The Myers-Briggs Company”, “we”, “us” and “our” we mean The Myers-Briggs Company Limited and our European branch offices, unless otherwise stated. 

1 Definitions

1.1 "Materials" means all our electronic products available via the Service and all data gathered by use of the Service;

1.2 "The Myers-Briggs Company" means The Myers-Briggs Company Limited together with its European branch offices (including The Myers-Briggs Company - France, The Myers-Briggs Company - Netherlands and The Myers-Briggs Company -  Germany);

1.3 "Purchaser" means the company or individual who has contracted for the Service (who may, or may not, also be a Registered User);

1.4 "Registered User" means an individual who is registered with The Myers-Briggs Company as qualified to administer one or more of The Myers-Briggs Company’s psychometric assessments to respondent test-takers, provided via the Service, to interpret reports compiled from respondent test-taker responses and to provide feedback to respondent test-takers (and whose account has not been suspended);

1.5 "Service" means the OPPassessment service for the electronic delivery, administration and scoring of psychometric instruments and any ancillary services available via the OPPassessment website or any successor to such website;

1.6 "Report Credits" means any pre-paid credits purchased by you from, or issued to you by, The Myers-Briggs Company for individual reports available on OPPassessment, delivered via the Service.

2 Use of the Service

2.1 The Service is accessible only to Registered Users who have pre-registered for the Service and been allocated registration details by The Myers-Briggs Company, including a log-in and password.

2.2 Purchasers and Registered Users are responsible for ensuring the security of their subscription and registration details, including log-in and passwords. Registration details, including log-in and password details, shall not be shared between multiple users. Any loss or theft of such details should be reported to The Myers-Briggs Company as soon as possible in order that replacement log-in and passwords may be created.

2.3 Use of the Service is subject to these Terms and the Guidelines for Ethical Use of Tests and Questionnaires (“Guidelines”). We reserve the right to refuse access to the Service if the Purchaser or the Registered User fails to comply with these Terms or any other The Myers-Briggs Company Terms of Business as are applicable to the Purchaser or User, or the Guidelines.

2.4 Our psychometric assessments are designed for adults and are not intended for children (under 16 years of age). In order to use our assessments, Registered Users shall ensure that respondent test-takers are 16 years of age or over.

3 Registration

3.1 We seek to uphold the guidelines established by the British Psychological Society (or other appropriate bodies outside the UK) on sale and use of psychometric instruments. Therefore, purchases of our psychometric instruments must be made by an identified Registered User who is registered with us as a qualified user of that psychometric instrument. In order to register as a qualified user of a particular psychometric instrument, a user must have successfully completed appropriate training provided or approved by us. Details of training offered by The Myers-Briggs Company are set out in the current catalogue and on The Myers-Briggs Company's website eu.themyersbriggs.com

3.2 The Purchaser shall ensure that the registration details, including a log-in and password allocated to a Registered User, are only used by that Registered User and that the Registered User at all times complies with these Terms.

3.3 If a Registered User ceases to be an employee of, or associated with, the Purchaser, the Purchaser shall inform us as soon as reasonably possible, and we shall delete the name of the Registered User from our register of users of the Service. For the avoidance of doubt, if the Purchaser fails to inform us of any change to its list of permitted Registered Users, and a former employee or associate of the Purchaser continues to use the Service, the Purchaser shall remain liable for any such use of the Service.

4 Ordering

4.1 When a Registered User requests a report in the 'Reports' screen of the OPPassessment website, and then confirms the request in the 'Checkout' screen, an order has been placed.

4.2 Orders cancelled after confirmation will not be refunded.

4.3 An order may be refused if The Myers-Briggs Company has reasonable grounds to believe that it has not been placed by a bona fide Registered User.

4.4 Owing to geographical restrictions imposed by government embargo, The Myers-Briggs Company may refuse orders for the supply of certain questionnaires from Registered Users in certain countries. Further details can be supplied on request. In addition, The Myers-Briggs Company may, on occasion, refer orders for the supply of certain questionnaires from Registered Users in certain countries to its applicable regional office.

4.5 We will use our reasonable endeavours to ensure that reports from the Service are emailed to the Registered User on the same day that the report is requested.

5 Payment

5.1 Subject to clause 5.2, and unless otherwise agreed in writing, we will process orders for reports from the Service only by online payment using a valid debit or credit card at the time of making the order.

5.2 As an alternative to online payment at the time of order, Report Credits may be ordered in advance as follows:

  • 5.2.1 In the event that a Purchaser who is an authorised credit-account-holder orders Report Credits totalling £250 or more (ex VAT) in a single transaction, we will invoice the Purchaser, and such invoices will be paid by the Purchaser within 30 days of the date of invoice. The Report Credits ordered will be available on the Service normally within one hour of the order being processed.
  • 5.2.2 In the event that a Purchaser who is an authorised credit-account-holder orders Report Credits totalling less than £250 (ex VAT) in a single transaction, the Report Credits will become available on the Service only once we have received payment in cleared funds.
  • 5.2.3 Purchasers who are not credit-account-holders may purchase Report Credits, in which case such Report Credits will become available on the Service once we have received payment in cleared funds.

5.3 We reserve the right to charge you interest and costs of recovery in accordance with the Late Payment of Commercial Debts (Interest) Act 1998 (as amended).

5.4 Unless otherwise stated, the price payable for the Service will be the price as set out in the current The Myers-Briggs Company catalogue; VAT will be added to the price where applicable.

6 Report Credits

6.1 Report Credits shall have a duration of use of twelve (12) months from the date of purchase, subsequent to which any unused Report Credits shall expire. 

6.2 Report Credits are non-refundable and must be for specific report types in specific quantities; we regret it is not possible to pre-pay for general credits usable for any of our range of reports.

6.3 In the event that Report Credits are issued by The Myers-Briggs Company as part of a training workshop, for which the price is integral to the cost of such workshop, the duration of use of such Report Credits shall be limited to three (3) months, subsequent to which any such Report Credits which are unused shall expire.

7 Purchaser's obligations

7.1 The Purchaser understands and acknowledges that in order to use the Service certain technical requirements relating to hardware and software available to the Registered User and the test-taker will need to be met. Further details can be supplied on request.

7.2 The Purchaser may provide the Materials to individual test-takers in order for such test-takers to be assessed under the Purchaser's supervision; in no other circumstances may the Purchaser give, sell, or otherwise dispose of, the Materials or the Service, or any part of the Materials or Service, to third parties or act as agent or distributor of the Materials or the Service. Any on-selling or any unauthorised use, reproduction or modification of the Materials and/or the Service is strictly prohibited.

7.3 The Purchaser may not make use of data collected as a result of the Purchaser's use of the Service to create products for commercial sale or other commercial exploitation.

7.4 The Purchaser shall comply with the Guidelines for Ethical Use of Tests and Questionnaires.

7.5 If the Purchaser uses customisation facilities available on the Service to apply different branding to the OPPassessment site or to alter or deviate from the standard supplied wording in relation to the content of emails sent via the Service, the Purchaser shall ensure that it possesses all necessary intellectual property rights or permissions and that any changes are lawful, appropriate and related to the subject matter of OPPassessment. The Myers-Briggs Company shall have no responsibility or liability in relation to any such customisation of the Service, including any infringement of third party intellectual property rights, misuse, or unlawful or inappropriate content.

7.6 In the event that the Purchaser is not also the Registered User, the Purchaser shall ensure that any and all Registered Users comply with the obligations set out in clauses 7.2 to 7.5 as if such Registered User were the Purchaser.

7.7 The Purchaser shall indemnify The Myers-Briggs Company in the event that The Myers-Briggs Company or The Myers-Briggs Company's licensors suffer any losses, claims, liabilities, damages, expenses or costs as a result (whether direct or indirect) of any breach by the Purchaser or the Registered User(s) of clauses 7.2 to 7.6.

7.8 The Purchaser shall further indemnify The Myers-Briggs Company in respect of any claims brought by a test-taker or client of the Purchaser against us or our licensors in relation to the Purchaser's use of the Service or the Materials.

7.9 All Purchasers and Registered Users shall be required, in using The Myers-Briggs Company's Materials to verify any local requirements and/or restrictions on using psychometric tests in general and the Materials in particular, in that jurisdiction, whether imposed by law, regulation or by a local regulatory or governmental body. Where any local requirements and/or restrictions exist that alter the criteria for, or prevent, use of Materials within a particular jurisdiction, it shall be the responsibility of the Purchaser and Registered User to ensure that it fully complies with any and all such local requirements and/or restrictions. Where any individual or entity uses Materials in a particular jurisdiction in contravention of any local requirements and/or restrictions, whether knowingly or inadvertently, such individual or entity shall be solely responsible and liable for such use and shall hold harmless and indemnify The Myers-Briggs Company in respect of any loss or claim by a third party against The Myers-Briggs Company arising from such. Further, in the event that a Purchaser and/or Registered User has failed to ensure that any Materials may be legitimately used within a particular jurisdiction and subsequently purchases Materials for use in that jurisdiction, such Purchaser and/or Registered User shall be liable for the costs thereof and The Myers-Briggs Company shall bear no responsibility or liability for return of such Materials or the reimbursement of any associated costs.

8 Intellectual property

8.1 The Materials and the Service are owned by, or licensed to, The Myers-Briggs Company. Reproduction of the Materials or the Service, in whole or in part, in any form or media, by any process (including posting on the internet or any intranet, or unauthorised emailing), is prohibited except (i) where expressly permitted by law; or, (ii) where such reproduction is for the purposes of using the Service in accordance with these Terms.

8.2 For the avoidance of doubt:

  • 8.2.1 reproduction of questionnaires available via the Service is not permitted; and
  • 8.2.2 reports on test-takers generated using the Service may be copied a reasonable number of times for internal record-keeping and other similar purposes related directly to the test-taker concerned.

9 Data Protection and Privacy 

9.1 The Myers-Briggs Company is committed to protecting and respecting Users’ privacy and to acting in compliance with GDPR (the General Data Protection Regulation (EU) 2016/ 679) and any applicable enacting, successor or amending legislation. You should read our Data Protection Statement and our Privacy Policy as they will help you understand how we collect, use, store and otherwise process personal data. 

9.2 It is the Purchaser's duty to ensure that it has the consent of the respondent test-taker to permit The Myers-Briggs Company to use any personal data provided in the manner set out in the Privacy Policy.

10 Liability

10.1 Our liability arising under or as a result of the provision or use of the Materials or the Service, whether in contract, tort, breach of statutory duty or otherwise, will not exceed the price paid by the Purchaser for the Service or Materials.

10.2 Nothing in these Terms will exclude or limit our liability for death or personal injury caused by our negligence, or for any fraud on our part, or for any liability that cannot be excluded by law.

10.3 Subject to clause 10.2, we will not be liable for any indirect or consequential loss, loss of business, profit, revenue, data or goodwill, or for lost or wasted management time or the lost time of other employees arising from the Purchaser's use of the Materials (whether direct or indirect).

10.4 We do not warrant or represent that the Service will operate without interruption, and we have no liability for the inability of anyone to access the Service or the emails that form part of the Service. We reserve the right to carry out maintenance and development on the Service, which may cause interruption to it.

10.5 Except as expressly set out in these Terms we exclude to the fullest extent permitted by law all warranties, representations, terms, conditions and undertakings, whether implied by statute, common law, custom, trade usage, course of dealing or otherwise.

11 General

11.1 These Terms are governed by English law and you agree you will only sue us in the courts of England. The place of performance of the contract will be England.

11.2 The Myers-Briggs Company reserves the right to change these Terms at any time without prior notice to you, so please check them regularly. These Terms were revised in May 2018.

11.3 In the event of any conflict between these Terms (as displayed on our website) and those in our catalogue or elsewhere, these Terms (as displayed on our website) shall prevail.  

The Myers-Briggs Company Limited
Elsfield Hall
15-17 Elsfield Way

Registered in England and Wales
Company Number 2218212



Data Processing Terms (DP Terms)

These DP Terms govern data processing by The Myers-Briggs Company for and on behalf of Purchaser in relation to the goods and/or services received by Purchaser from The Myers-Briggs Company.
These DP Terms are supplemental to The Myers-Briggs Company Terms to which these DP Terms are supplemental, and together form the contract between the Parties.

1. Background
1.1 The Myers-Briggs Company  provides goods and/or services to Purchaser which may involve the processing of personal data by The Myers-Briggs Company on behalf of Purchaser as part of the provision of services to Purchaser in the field of business psychology (“Services”), including personal data relating to Purchaser, its personnel and where applicable, its Purchasers or other individuals with whom Purchaser deals in the course of its business as relevant to the Services (“Relevant Data Subjects”). Further information on the subject matter, nature, purpose and duration of processing in relation to our provision of goods and services is set out from time to time in our Privacy Policy at https://eu.themyersbriggs.com/en/About/Privacy-Policy

2. Description of processing
The processing to be carried out by The Myers-Briggs Company is as follows:
2.1 the subject matter of the processing is as described in clause 1.1 above and the duration of the processing will be throughout the period within which The Myers-Briggs Company performs Services;
2.2 the nature of the processing is as described in clause 1.1 above and the purpose of the processing is to enable The Myers-Briggs Company to perform Services to the Purchaser;
2.3 the personal data to be processed will be any personal data of Relevant Data Subjects provided in order to enable or facilitate the provision of Services by The Myers-Briggs Company as described in clause 1.1 above, and the categories of data subjects are Relevant Data Subjects; and
2.4 the obligations and rights of the data controller in relation to the processing are set out below.

3. Compliance with the Data Protection Regulations
3.1 Each of Purchaser and The Myers-Briggs Company warrant and represent that it will comply with (and shall ensure that its staff and/or subcontractors comply) with the Data Protection Regulations in processing personal data in connection with the Services.

4. Relationship and roles of the parties
4.1 In relation to the processing of personal data in connection with Services, the parties acknowledge and agree that:

      • 4.4.1 Purchaser is the data controller; and
      • 4.1.2 The Myers-Briggs Company is the data processor.

The Myers-Briggs Company agrees that it will process the personal data in accordance with these DP Terms.

5. Responsible individuals and enquiries
5.1 Purchaser and The Myers-Briggs Company will each notify the other from time to time of the individual within its organisation authorised to respond to enquiries regarding the personal data and the processing which is the subject of these DP Terms. Purchaser and The Myers-Briggs Company shall each deal promptly and reasonably with all such enquiries.
5.2 In respect of The Myers-Briggs Company, the individual authorised to respond to such enquiries is The Myers-Briggs Company DPO together with other members of The Myers-Briggs Company Data Protection Team. Any enquiries should be addressed to dpo@themyersbriggs.com

6. Processing of personal data by The Myers-Briggs Company 
In relation to the processing of personal data in connection with the Services, The Myers-Briggs Company shall:
6.1 process the personal data (including when making an international transfer of the personal data) only for the purpose of and to the extent necessary for provision of the Services and then only in accordance with:

  • 6.1.1 these DP Terms; and
  • 6.1.2 Purchaser's written instructions from time to time,

unless otherwise required by law. Where The Myers-Briggs Company is required by law to process the personal data otherwise than as provided by these DP Terms, it will notify Purchaser before carrying out the processing concerned (unless the law also prevents The Myers-Briggs Company from doing so for reasons of important public interest);
6.2 implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks that are presented by the processing, in particular protection against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed under these DP Terms, as set forth in the Appendix;
6.3 take all reasonable steps to ensure that only authorised personnel have access to the personal data and that any persons whom it authorises to have access to the personal data will respect and maintain all due confidentiality in relation to the personal data (including by means of an appropriate contractual duty of confidentiality where the persons concerned are not already under such a duty under the law);
6.4 not engage any sub-processors in the performance of the Services without the prior written consent of Purchaser and otherwise in accordance with clause 7 at all times;
6.5 not do, or omit to do, anything, which would cause Purchaser to be in breach of its obligations under the Data Protection Regulations;
6.6 immediately notify Purchaser if, in The Myers-Briggs Company's opinion, any instruction given to The Myers-Briggs Company infringes the Data Protection Regulations;
6.7 where applicable in respect of any personal data processed in relation to the Services, co-operate with and assist Purchaser in ensuring compliance with:

  • 6.7.1 Purchaser's obligations to respond to requests from any data subject(s) seeking to exercise its/their rights under Chapter III of the GDPR, including by notifying Purchaser of any written subject access requests The Myers-Briggs Company receives relating to Purchaser's obligations under the Data Protection Regulations; and
  • 6.7.2 Purchaser's obligations under Articles 32 – 36 of the GDPR to:
    • (a) ensure the security of the processing;
    • (b) notify the relevant supervisory authority, and any data subject(s), where relevant, of any breaches relating to personal data;
    • (c) carry out any data protection impact assessments (each a "DPIA") of the impact of the processing on the protection of personal data; and
    • (d) consult the relevant supervisory authority prior to any processing where a DPIA indicates that the processing would result in a high risk in the absence of measures taken by Purchaser to mitigate the risk.

6.8 provide assistance where reasonably required by Purchaser in relation to the fulfilment of Purchaser’s obligations to co-operate with the relevant supervisory authority under Article 31 of the GDPR.

7. Sub-processors
7.1 The Myers-Briggs Company will ensure that any sub-processor it engages to provide any services on its behalf in connection with the Services does so only on the basis of a written contract which imposes on such sub-processor terms equivalent to those imposed on The Myers-Briggs Company under these DP Terms or such other alternative terms as may be agreed with Purchaser (the "Relevant Terms"). The Myers-Briggs Company shall procure the performance by the sub-processor of the Relevant Terms and shall be directly liable to Purchaser for:

  • 7.1.1 any breach by the sub-processor of any of the Relevant Terms;
  • 7.1.2 any act or omission of the sub-processor which causes:
    • The Myers-Briggs Company to be in breach of these DP Terms; or
    • Purchaser or The Myers-Briggs Company to be in breach of the Data Protection Regulations.

7.2 Where Purchaser has given a general authorisation to The Myers-Briggs Company to engage sub-processors, then prior to engaging a new sub-processor under the general authorisation The Myers-Briggs Company will notify Purchaser of any changes that are made that would affect that general authorisation and give Purchaser an opportunity to object to them.
7.3 Notwithstanding clauses 7.1 and 7.2, it is agreed that The Myers-Briggs Company shall be permitted to transfer personal data to such sub-processors as are set forth in the List of Third Parties and Transfers ex-EEA.

8. Monitoring of The Myers-Briggs Company's performance
8.1 Purchaser is entitled to monitor and audit The Myers-Briggs Company's compliance with the Data Protection Regulations and its obligations in relation to data processing in connection with the Services at any time during normal business hours. The Myers-Briggs Company agrees to provide Purchaser promptly with all access, assistance and information that is reasonably necessary to enable the monitoring and audits concerned. If Purchaser believes that an on-site audit is necessary, The Myers-Briggs Company agrees to give Purchaser reasonable access to its premises (subject to any reasonable confidentiality and security measures), and to any stored personal data and data processing programs it has on-site. Purchaser is entitled to have the audit carried out by a third party.

9. Transfers outside the EEA and to third parties
9.1 We may transfer personal data outside the EEA and to any third party located outside the EEA (including to our parent company, The Myers-Briggs Company, in the US) where we are permitted to do so for that transfer under Articles 44 to 49 of the GDPR. For the purposes hereof, it is agreed that The Myers-Briggs Company shall be permitted to transfer personal data outside the EEA and to such third parties located outside the EEA as set forth in the List of Third Parties and Transfers ex-EEA, provided the appropriate safeguard mechanisms remain in place.

10. Completion of Services
10.1 Upon completion of the Services, The Myers-Briggs Company will at Purchaser's discretion, on receipt of  Purchaser’s instruction, delete or return to Purchaser, all personal data (including copies) processed in connection with the Services, except to the extent that The Myers-Briggs Company is required by law to retain any copies of the personal data and save to the extent that The Myers-Briggs Company receives instructions to the contrary from any Purchaser Data Subject.

11. Governing Law
11.1 These DP Terms shall be governed by the laws of England and Wales and the courts of London, England shall have exclusive jurisdiction.

12. Definitions
12.1 For the purposes of these DP Terms, defined terms used are as follows:

Data Protection

means all laws applicable to any personal data processed under or in connection with the Contract, including:

  • the Data Protection Directive 95/46/EC (as the same may be superseded by the GDPR);
  • the Privacy and Electronic Communications Directive 2002/58/EC;
  • the GDPR, once it comes into effect;
  • the Data Protection Act 1998 and all other national legislation implementing or supplementing any of the foregoing; and
  • all associated codes of practice and other binding guidance issued by any Regulator;

all as amended, re-enacted and/or replaced and in force from time to time;




means the General Data Protection Regulation (EU) 2016/679; and




means any goods and/or services provided to Purchaser under The Myers-Briggs Company Terms of Business.

The terms personal data; data controller; data processor; processing; and supervisory authority used in these DP Terms shall have the meaning given in the Data Protection Regulations.

The Myers-Briggs Company Technical and Organisational Measures
Key Controls

1.1 The Myers-Briggs Company’s Information Security Management System and Data Protection systems detail:

  • Policy;
  • Governance;
  • Process and procedures;
  • Roles and responsibilities;
  • Assurance process;
  • Risk assessment process including DPIAs; and
  • Improvement plans.

1.2 The Myers-Briggs Company’s Physical Security measures include:

  • The fitting of appropriate locks and other physical controls to the doors and windows of rooms where computers are kept, including swipecard entry;
  • Physically securing unattended lap tops (eg by locking them in a secure drawer or cupboard);
  • Ensuring control of and security of all removable media, such as removable hard-drives, CDs, floppy disks and USB drives, attached to business-critical assets;
  • Destroying or removing all business-critical information from media such as CDs, and floppy disks before disposing of them;
  • Ensuring that all business-critical information is removed from the hard drives of any used computers before disposing of them; and
  • Storing back-ups of business-critical information off-site and/ or in a fire and water-proof container.

1.3 The Myers-Briggs Company’s Access Controls measures include:

  • Using unique passwords, that are not obvious and change them regularly;
  • Using complex password policies;
  • Ensuring that employees understand good password security; and
  • Auditing unauthorised logins.

1.4 The Myers-Briggs Company’s Security and Privacy Technologies include:

  • Ensuring that all computers used have anti-virus software installed, and the virus definitions are updated at least once a week. All incoming and outgoing traffic is scanned for viruses, as are any disk or CD that is used, even where from a ‘trusted’ source. At least once a month, computers are scanned for viruses.

1.5 The Myers-Briggs Company’s awareness, training and security checks in relation to personnel include:

  • Performing integrity checks on all new employees to ensure that they have not lied about their background, experience or qualifications;
  • Giving all new employees a simple introduction to information security, and ensuring that they have read and understand The Myers-Briggs Company’s Information Security Policy and Data Protection Policy;
  • Ensuring employees know where to find details of the Information Security standards and procedures relevant to their role and responsibilities;
  • Ensuring that employees have access only to the information assets they need to do their jobs. If employees change jobs, we ensure that they do not retain access to the assets they needed for their old job. When dismissing employees, we ensure that they do not take with them any business-critical information;
  • Ensuring that no ex-employees have access rights to The Myers-Briggs Company systems; and
  • Ensuring employees know about the common methods that can be used to compromise systems.

1.6 The Myers-Briggs Company’s Incident/Response Management/Business Continuity include:

  • Ensuring that employees understand what is meant by a Security Incident, being any event that can damage or compromise the confidentiality, integrity or availability of your business–critical information or systems;
  • Ensuring that employees are trained to recognise the signs of Security Incidents;
  • Ensuring that employees receive training on the need to notify anything which may be a sign of a Security Incident and are kept informed as to the identity of the person to whom such notifications should be made;
  • Ensuring that if a Security Incident occurs, employees know who to contact and how;
  • Having in place a Business Continuity Plan to assure business continuity in the event of a serious Security Incident. The Plan specifies:
    • Designated people involved in the response;
    • External contacts, including law enforcement, fire and possibly technical experts;
    • Contingency plans for foreseeable incidents such as:
      • Power loss;
      • Natural disasters and serious accidents;
      • Data compromise;
      • No access to premises;
      • Loss of essential employees;
      • Equipment failure;
      • Ensuring that the Business Continuity Plan is issued to all required employees and is tested at least once a year, regardless of whether there has been a Security Incident; and
      • After every incident when the Business Continuity Plan is used, and after every test, re-examining and updating, where necessary, the Business Continuity Plan using the lessons learned.

      1.7 The Myers-Briggs Company’s Audit Controls/Due Diligence include:

      Ensuring that appropriate security audit arrangements are in place including:

      • Auditing of who has access to its systems;
      • Logging of such access to the systems; and
      • Auditing of compliance with security procedures.