Terms of Business for Booking Learning Programmes
These are the Terms of Business for Learning Programmes (“Terms”) of The Myers-Briggs Company Limited, a company registered in England and Wales (registered number 2218212) whose registered offices are at Elsfield Hall, 15-17 Elsfield Way, Oxford OX2 8EP, UK (The Myers-Briggs Company) and cover the European branch offices of The Myers-Briggs Company Limited (including The Myers-Briggs Company - France, The Myers-Briggs Company - Netherlands and The Myers-Briggs Company - Germany). When we refer to “The Myers-Briggs Company”, “we”, “us” and “our” we mean The Myers-Briggs Company Limited and our European branch offices, unless otherwise stated.
If you have questions about any of these terms and conditions, please contact The Myers-Briggs Company's Customer Support Team on +44 1865 404610 or +44 1865 404500.
"Business Day" means a day (not being a Saturday or Sunday) on which banks are open for general banking business in the City of London. Where “days” is referred to, this shall not be interpreted as Business Days;
"Client" means the organisation contracting with The Myers-Briggs Company for the provision of learning programmes;
“Course Materials” means all course manuals, e-learning products, question banks, knowledge banks, course notes and any other materials supporting the learning programme written by The Myers-Briggs Company or its third party suppliers to be supplied to the Client.
"The Myers-Briggs Company" means The Myers-Briggs Company Limited together with its European branch offices (including The Myers-Briggs Company - France, The Myers-Briggs Company - Netherlands and The Myers-Briggs Company - Germany);
"Materials" means The Myers-Briggs Company’s assessment and training materials, including Course Materials and Restricted Materials, whether printed materials or recorded on any other medium (such as video, DVD, CD-ROM or other software program);
"Restricted Materials" means any psychometric assessments or materials (including questionnaire booklets, score keys and weights, answer sheets and profile sheets) that, at the time of purchase, are identified as restricted in The Myers-Briggs Company’s current catalogue, in The Myers-Briggs Company's sales literature, on the website or on the tests or materials themselves;
"Trademarks" means all the registered and unregistered trademarks used by The Myers-Briggs Company in the course of business.
1 Learning programme terms, content and prices
1.1 The details of the design and content of learning programmes, and their prices, are correct at the time of publication, but they may be subject to change without notice.
1.2 The Myers-Briggs Company reserves the right to cancel or reschedule programmes without penalty or liability if there are insufficient bookings, or for reasons outside The Myers-Briggs Company’s control.
1.3 The Client understands and acknowledges that successful completion of qualification programmes requires participants to demonstrate an understanding of underlying principles, and competence in administration and feedback of the instrument(s) concerned.
1.4 Where any learning programme requires work to be completed prior to attendance (pre-work as detailed in confirmation emails sent by The Myers-Briggs Company), we reserve the right to deny attendance at the scheduled learning programme if the pre-work has not been completed. In such event, the participant would be offered transfer to an alternative learning programme subject to payment of a transfer fee in accordance with Clause 5.1.
1.5 Only fee-paying delegates are allowed to participate in and/or observe any event or learning programme, including the workshop and associated activities, unless agreed otherwise by prior written agreement between Client and The Myers-Briggs Company
2 Virtual delivery of learning programmes
Where a learning programme, or any element thereof, is to be delivered virtually, the following terms shall apply:
2.1 Only those participants registered for the learning programme shall be permitted to attend the learning programme session(s).
2.2 The registration instructions and log-in details for learning programmes are personal to each participant. They may not be used by anyone else nor may they be transferred or supplied to any third party or organisation.
2.3 If any participant or anyone else attempts to make multiple use of the registration and log-in details supplied by The Myers-Briggs Company by disclosing such details to others, the participant and its employing organisation will be liable for the number of people who subsequently attended the learning programme using the registration details. Only participants registered for the learning programme and completing all aspects of the programme shall be entitled to receive qualification under the programme.
2.4 Participants acknowledge that participation in learning programmes requires use of certain technologies. Participants will, at their own expense: (a) provide their own viewing venue, computer systems, internet service, and other technology, devices, and accommodations necessary to participate in a learning programme session; (b) obtain any software necessary to participate in the learning programme session, including, without limitation, their own Zoom video-conferencing capability and access (or other provider as specified by The Myers-Briggs Company); and (c) comply with all reasonable additional technology requirements prescribed by The Myers-Briggs Company in writing. The Myers-Briggs Company accepts no responsibility or liability for any failure in the above technology requirements.
2.5 The Myers-Briggs Company shall not be liable for any interruption to service or availability of internet connection or video-conferencing facility caused by equipment or technologies supplied, used or made available by the participant nor for participant’s inability to access any virtual programme or content or functionality that forms part of the programme, nor for any interruption to service or availability of internet connection or video-conferencing facility caused by factors not under the control of The Myers-Briggs Company.
2.6 In addition to the data protection and privacy terms set forth in Clause 10 of these Terms, the following terms shall also apply:
2.6.1 The Myers-Briggs Company, at its discretion, may monitor the registration and access to learning programme sessions, including the number of computers and their IP addresses, to ensure that the registration and/or log-in details have not been distributed;
2.6.2 The Myers-Briggs Company may record the learning programme sessions provided that no participants shall be video-recorded in such recordings;
2.7 Where participants attending virtual learning programmes are offered the opportunity of a free-of-charge session as follow-up to a learning programme (offered at the discretion of The Myers-Briggs Company), this will be optional, and attendance is not required for qualification. If a participant is unable to attend the scheduled session, no further session will be made available by The Myers-Briggs Company.
3.1 Fees are payable within 30 days of the date of invoice or 28 days prior to the start of all applicable programme(s), whichever is the earlier date. Immediate payment by credit card or cheque will be required on any bookings received within 28 days of the programme start date. Clients with a credit account will be invoiced (provided a PO has been provided at the time of order and the fees payable are within the applicable credit limit) and fees shall be payable according to the agreed credit terms, irrespective of the programme start date. Payment or part payment of fees may be made against available credit on a Voucher (see Terms of Business for Vouchers), including for the avoidance of doubt, where a Voucher has been purchased on credit terms.
3.2 Where, on completion of a qualification programme, a participant would normally become entitled to purchase Restricted Materials, The Myers-Briggs Company will only award that qualification when payment of the relevant programme fee has been received in full.
3.3 Where The Myers-Briggs Company has quoted a price for a programme in euro (€), US dollars ($) or any other currency, the price shall be paid in accordance with the currency set forth on the invoice.
3.4 VAT at the standard UK rate is chargeable on all fees for The Myers-Briggs Company’s public learning programmes held in the UK, regardless of the country of residence of the attendee. Where programmes are held in other EU countries, VAT will be charged as required by the country concerned.
3.5 The cost of optional overnight accommodation is not included in the programme fee, and participants are expected to make their own accommodation arrangements.
3.6 The Myers-Briggs Company reserves the right to charge interest and costs of recovery in accordance with the Late Payment of Commercial Debts (Interest) Act 1998 (as amended).
3.7 Where a refund is due to a Client and such is caused at the fault of the Client, The Myers-Briggs Company reserves the right to deduct any administrative bank/ credit card charges from such refund. Where the refund is necessitated at the fault of The Myers-Briggs Company, no such deductions shall be made.
4 Ownership of materials included in learning programme feesIt is a condition of sale of any learning programme, including those delivered virtually, that ownership of Course Materials shall not transfer to the participant or his employer (as the case may be) until full payment is received by The Myers-Briggs Company in respect of the relevant programme. If payment is not received by its due date, and/or a learning programme is cancelled outside our cancellation fees as set forth in Clause 6.1, Course Materials should be returned to The Myers-Briggs Company forthwith. If in such event, Course Materials are not received by The Myers-Briggs Company, we shall seek reimbursement for the cost of the Course Materials plus delivery charges, failing which we will pursue the cost as a debt and may repossess any Course Materials that have not been paid for.
5 Transfer policy
5.1 Once a programme has been booked, should a participant wish to transfer from one date to another, The Myers-Briggs Company shall, subject to Clause 4.6, endeavour to facilitate such requested transfer, in which event the following transfer fees are payable:
Transfer request received by The Myers-Briggs Company
|Fewer than seven days before the programme starts||50% of the fee is payable|
|Between seven and 28 days before the programme starts||25% of the fee payable|
5.2 All requests for transfer of a programme to another date must be made in writing.
5.3 For all requests for transfer of programme to another date, the alternative date must be provided to The Myers-Briggs Company within one (1) month of the transfer request, failing which the transfer request will no longer apply and the booking shall be deemed cancelled. In such event, the cancellation fees as set forth in Clause 5 shall apply and the fees, as set forth in Clause 5 below shall be payable in full in replacement of the above transfer request fees.
5.4 Where courses are in two parts (for example, where there is a follow-up day, or where the programme is divided into Part One and Part Two), the date of the second part is linked to a specific first part and therefore:
5.4.1 provided that space is available, transfer to a different date to complete the second part from the one scheduled, may be made, but there will be an administrative charge of five hundred pounds (£500) (plus VAT). If the second part extends over more than one day, any transfer must be for the whole of the second part, and not just a single day; and
5.4.2 the second part must be attended within twelve (12) months of the date on which the transferred booking would have commenced, failing which the entire learning programme would need to be undertaken (namely Part One would need to be re-booked as well as the transferred Part Two).
5.5 Where fieldwork is to be completed as a requirement of a learning programme, such fieldwork must be completed within twelve (12) months of the end of the learning programme.
5.6 Where a booking on a programme has been made using or subject to a discount or promotional offer or other special price arrangement, such booking may not be transferred to another date. If a participant is unable to attend on the date of the booking, the participant may, provided sufficient notice is received, transfer the booking to another individual within their organisation, if applicable, provided that the alternative individual fulfils any eligibility criteria for the programme concerned and is able to complete any pre-work or fieldwork required in sufficient time for the programme booking. If otherwise cancelled, the cost of the booked programme will be forfeited.
6 Cancellation policy
6.1 In respect of cancellation by The Myers-Briggs Company, a full refund will be given upon return to The Myers-Briggs Company of any pre-course materials already dispatched.
In respect of a cancellation by a participant, the following cancellation charges are payable:
Cancellation received by The Myers-Briggs Company
|Fewer than seven days before the programme starts, or if the participant fails to attend||Full fee payable|
|Between seven and 28 days before the programme starts||50% of the fee payable|
|More than 28 days before the programme starts||No fee payable, except a charge for any pre-course materials already dispatched|
All cancellations must be made in writing.
6.2 Where a feedback session (whether scheduled for prior to a workshop or as a stand-alone session) is postponed or cancelled by the participant, The Myers-Briggs Company reserves the right to charge the postponement or cancellation charges set forth in clauses 4 and 5 respectively, in relation to the costs of such feedback session.
7 SubstitutionsSubstitutions can be accepted without charge at any time, provided that the substitute fulfils the entrance requirement and has completed any pre-course study.
8 Supply of product
8.1 Where your business is based outside Europe, please note that qualification in the use of certain instruments does not automatically mean that The Myers-Briggs Company will be able to supply you with such instruments. If this applies to you, please seek advice from the Customer Support Team before booking a learning programme.
8.2 All Clients shall be required, in using Materials and specifically Restricted Materials, to verify any local requirements and/or restrictions on using psychometric tests in general and the Materials and Restricted Materials in particular, in that jurisdiction, whether imposed by law, regulation or by a local regulatory or governmental body. Where any local requirements and/or restrictions exist that alter the criteria for, or prevent, use of Materials or Restricted Materials within a particular jurisdiction, it shall be the responsibility of the Client to ensure that it fully complies with any and all such local requirements and/or restrictions. Where any Client uses Materials or Restricted Materials in a particular jurisdiction in contravention of any local requirements and/or restrictions, whether knowingly or inadvertently, such Client shall be solely responsible and liable for such use and shall hold harmless and indemnify The Myers-Briggs Company in respect of any loss or claim by a third party against The Myers-Briggs Company arising from such. Further, in the event that a Client has failed to ensure that any Materials or Restricted Materials may be legitimately used within a particular jurisdiction and subsequently purchases Materials or Restricted Materials for use in that jurisdiction, such Client shall be liable for the costs thereof and The Myers-Briggs Company shall bear no responsibility or liability for return of such Materials or Restricted Materials or the reimbursement of any associated costs.
9 Intellectual Property Rights
9.1 All Materials and other products supplied by The Myers-Briggs Company, are protected by intellectual property rights (including trademarks, copyright, patents and design rights) and rights of confidence. Reproduction of these products in whole or in part, in any form, or their storage in a database or retrieval system, by any process, is prohibited except where expressly permitted by law or by licence. Any notice on Materials in respect of intellectual property rights (including copyright and Trademark notices) shall not be removed from such Materials, or obscured or otherwise altered.
9.2 The Client shall not reproduce, copy, vary or adapt the Materials by any means or in any way whatsoever, or enter or convert the same into any kind of information storage or retrieval system, including but not limited to any form of electronic or computer system.
9.3 The Myers-Briggs Company is bound by The Myers-Briggs Company's author and distribution contracts to take prompt legal action against anyone who infringes The Myers-Briggs Company's copyrights or its authors' copyrights.
9.4 The Client acknowledges that the Trademarks are the property of The Myers-Briggs Company, or The Myers-Briggs Company's licensors, and that use of the Trademarks by the Client will at all times be in keeping with these Terms, and the Client will seek to maintain their distinctiveness and reputation. The Client shall not use any mark or name confusingly similar to the Trademarks in respect of goods similar to the Materials.
10 Data Protection and Privacy
10.2 Client agrees to be bound by the Data Protection Terms as set forth in the Schedule attached hereto, unless otherwise agreed in writing between The Myers-Briggs Company and the Client.
11.1 The Myers-Briggs Company will try to notify participants as soon as reasonably possible if a course has to be cancelled.
11.2 Nothing in these Terms shall exclude or limit The Myers-Briggs Company's liability for death or personal injury caused by The Myers-Briggs Company's negligence, nor for fraud on The Myers-Briggs Company's part, nor for any liability that cannot be excluded by law.
11.3 The Myers-Briggs Company will also try to ensure that any description of the design or content of learning programmes is as informative as possible, but it is for the Client and participants to take responsibility for deciding whether or not a programme is suitable for their needs.
11.4 Subject to Clauses 11.2, 11.3 and 11.5, The Myers-Briggs Company's liability arising under or as a result of the provision of the Services whether in contract, tort, breach of statutory duty or otherwise is limited to the fees actually paid by the Client to The Myers-Briggs Company for such Services.
11.5 The Myers-Briggs Company will not be liable for any indirect or consequential loss, loss of business, profit, revenue, data or goodwill, nor for lost or wasted management time or employee time of the Client.
11.6 Any condition, representation or warranty that might otherwise be implied or incorporated within these Terms by reason of statute or common law or otherwise is hereby expressly excluded.
12 Client Cooperation and Excused Non-Performance
Client agrees to cooperate with our reasonable instructions relating to performance of services provided hereunder. We shall not be in breach of these Terms for any failure or delay in performance of any of our obligations hereunder, arising from or attributable to: (i) Client’s unreasonable delay or failure to cooperate with our reasonable instructions; or (ii) force majeure, which shall include (but not be limited to) events that are unpredictable, unforeseeable, or irresistible, such as any severe weather, earthquake, fire, epidemic, pandemic, acts of terrorism, biological warfare, outbreak of military or civil hostilities, explosions, strikes, sabotage, governmental interference or decree, interruption of service due to telecom carriers, internet service provider issues, power supply issues, or other technology issues. If Client fails to cooperate in a timely manner with our reasonable instructions regarding performance of the Services, we may take reasonable actions to remediate or mitigate the effects of Client’s non-cooperation or delay, including (without limitation) rescheduling a programme date, cancelling an event or engagement, or restricting or denying eligibility to participate in a programme, event or engagement.
13 ExclusionsAny condition, representation or warranty that might otherwise be implied or incorporated within these Terms by reason of statute or common law or otherwise is hereby expressly excluded to the fullest extent permitted by law.
14 Variation and conflictThese Terms shall apply to the exclusion of all other terms and conditions, including any that you attempt to apply under any purchase order, booking confirmation or any other document; and, no variation of these Terms requested by you shall be effective unless in writing and signed on behalf of The Myers-Briggs Company by one of its directors. The Myers-Briggs Company reserves the right to change these Terms at any time without prior notice to you, so please check them regularly. These Terms were revised in April 2020. In the event of any conflict between these Terms (as displayed on our website) and those in our catalogue or elsewhere, these Terms (as displayed on our website) shall prevail.
15 Governing lawThese terms and conditions are governed by English law and you agree you will only sue us in the courts of England. The place of performance of the contract will be England.
16 Further informationIf you wish to raise any query, please contact firstname.lastname@example.org or call our Customer Services on + 44 1865 404610
The Myers-Briggs Company Limited
15-17 Elsfield Way
Registered in England and Wales
Company Number 2218212
Data Processing Terms (DP Terms)
These DP Terms govern data processing by The Myers-Briggs Company for and on behalf of Client in relation to the goods and/or services received by Client from The Myers-Briggs Company.
These DP Terms are supplemental to The Myers-Briggs Company Terms to which these DP Terms are supplemental, and together form the contract between the Parties.
2. Description of processing
The processing to be carried out by The Myers-Briggs Company is as follows:
2.1 the subject matter of the processing is as described in clause 1.1 above and the duration of the processing will be throughout the period within which The Myers-Briggs Company performs Services;
2.2 the nature of the processing is as described in clause 1.1 above and the purpose of the processing is to enable The Myers-Briggs Company to perform Services to the Client;
2.3 the personal data to be processed will be any personal data of Relevant Data Subjects provided in order to enable or facilitate the provision of Services by The Myers-Briggs Company as described in clause 1.1 above, and the categories of data subjects are Relevant Data Subjects; and
2.4 the obligations and rights of the data controller in relation to the processing are set out below.
3. Compliance with the Data Protection Regulations
3.1 Each of Client and The Myers-Briggs Company warrant and represent that it will comply with (and shall ensure that its staff and/or subcontractors comply) with the Data Protection Regulations in processing personal data in connection with the Services.
4. Relationship and roles of the parties
4.1 In relation to the processing of personal data in connection with Services, the parties acknowledge and agree that:
- 4.4.1 Client is the data controller; and
- 4.1.2 The Myers-Briggs Company is the data processor.
The Myers-Briggs Company agrees that it will process the personal data in accordance with these DP Terms.
5. Responsible individuals and enquiries
5.1 Client and The Myers-Briggs Company will each notify the other from time to time of the individual within its organisation authorised to respond to enquiries regarding the personal data and the processing which is the subject of these DP Terms. Client and The Myers-Briggs Company shall each deal promptly and reasonably with all such enquiries.
5.2 In respect of The Myers-Briggs Company, the individual authorised to respond to such enquiries is The Myers-Briggs Company DPO together with other members of The Myers-Briggs Company Data Protection Team. Any enquiries should be addressed to email@example.com
6. Processing of personal data by The Myers-Briggs Company
In relation to the processing of personal data in connection with the Services, The Myers-Briggs Company shall:
6.1 process the personal data (including when making an international transfer of the personal data) only for the purpose of and to the extent necessary for provision of the Services and then only in accordance with:
- 6.1.1 these DP Terms; and
- 6.1.2 Client's written instructions from time to time,
unless otherwise required by law. Where The Myers-Briggs Company is required by law to process the personal data otherwise than as provided by these DP Terms, it will notify Client before carrying out the processing concerned (unless the law also prevents The Myers-Briggs Company from doing so for reasons of important public interest);
6.2 implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks that are presented by the processing, in particular protection against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed under these DP Terms, as set forth in the Appendix;
6.3 take all reasonable steps to ensure that only authorised personnel have access to the personal data and that any persons whom it authorises to have access to the personal data will respect and maintain all due confidentiality in relation to the personal data (including by means of an appropriate contractual duty of confidentiality where the persons concerned are not already under such a duty under the law);
6.4 not engage any sub-processors in the performance of the Services without the prior written consent of Client and otherwise in accordance with clause 8 at all times;
6.5 not do, or omit to do, anything, which would cause Client to be in breach of its obligations under the Data Protection Regulations;
6.6 immediately notify Client if, in The Myers-Briggs Company's opinion, any instruction given to The Myers-Briggs Company infringes the Data Protection Regulations;
6.7 where applicable in respect of any personal data processed in relation to the Services, co-operate with and assist Client in ensuring compliance with:
- 6.7.1 Client's obligations to respond to requests from any data subject(s) seeking to exercise its/their rights under Chapter III of the GDPR, including by notifying Client of any written subject access requests The Myers-Briggs Company receives relating to Client's obligations under the Data Protection Regulations; and
- 6.7.2 Client's obligations under Articles 32 – 36 of the GDPR to:
- (a) ensure the security of the processing;
- (b) notify the relevant supervisory authority, and any data subject(s), where relevant, of any breaches relating to personal data;
- (c) carry out any data protection impact assessments (each a "DPIA") of the impact of the processing on the protection of personal data; and
- (d) consult the relevant supervisory authority prior to any processing where a DPIA indicates that the processing would result in a high risk in the absence of measures taken by Client to mitigate the risk.
6.8 provide assistance where reasonably required by Client in relation to the fulfilment of Client’s obligations to co-operate with the relevant supervisory authority under Article 31 of the GDPR.
7.1 The Myers-Briggs Company will ensure that any sub-processor it engages to provide any services on its behalf in connection with the Services does so only on the basis of a written contract which imposes on such sub-processor terms equivalent to those imposed on The Myers-Briggs Company under these DP Terms or such other alternative terms as may be agreed with Client (the "Relevant Terms"). The Myers-Briggs Company shall procure the performance by the sub-processor of the Relevant Terms and shall be directly liable to Client for:
- 7.1.1 any breach by the sub-processor of any of the Relevant Terms;
- 7.1.2 any act or omission of the sub-processor which causes:
- 220.127.116.11 The Myers-Briggs Company to be in breach of these DP Terms; or
- 18.104.22.168 Client or The Myers-Briggs Company to be in breach of the Data Protection Regulations.
7.2 Where Client has given a general authorisation to The Myers-Briggs Company to engage sub-processors, then prior to engaging a new sub-processor under the general authorisation The Myers-Briggs Company will notify Client of any changes that are made that would affect that general authorisation and give Client an opportunity to object to them.
7.3 Notwithstanding clauses 7.1 and 7.2, it is agreed that The Myers-Briggs Company shall be permitted to transfer personal data to such sub-processors as are set forth in the List of Third Parties and Transfers ex-EEA.
8. Monitoring of The Myers-Briggs Company's performance
8.1 Client is entitled to monitor and audit The Myers-Briggs Company's compliance with the Data Protection Regulations and its obligations in relation to data processing in connection with the Services at any time during normal business hours. The Myers-Briggs Company agrees to provide Client promptly with all access, assistance and information that is reasonably necessary to enable the monitoring and audits concerned. If Client believes that an on-site audit is necessary, The Myers-Briggs Company agrees to give Client reasonable access to its premises (subject to any reasonable confidentiality and security measures), and to any stored personal data and data processing programs it has on-site. Client is entitled to have the audit carried out by a third party.
9. Transfers outside the EEA and to third parties
9.1 We may transfer personal data outside the EEA and to any third party located outside the EEA (including to our parent company, The Myers-Briggs Company, in the US) where we are permitted to do so for that transfer under Articles 44 to 49 of the GDPR. For the purposes hereof, it is agreed that The Myers-Briggs Company shall be permitted to transfer personal data outside the EEA and to such third parties located outside the EEA as set forth in the List of Third Parties and Transfers ex-EEA, provided the appropriate safeguard mechanisms remain in place.
10. Completion of Services
10.1 Upon completion of the Services, The Myers-Briggs Company will at Client's discretion, on receipt of Client’s instruction, delete or return to Client, all personal data (including copies) processed in connection with the Services, except to the extent that The Myers-Briggs Company is required by law to retain any copies of the personal data and save to the extent that The Myers-Briggs Company receives instructions to the contrary from any Client Data Subject).
11. Governing Law
11.1 These DP Terms shall be governed by the laws of England and Wales and the courts of London, England shall have exclusive jurisdiction.
12.1 For the purposes of these DP Terms, defined terms used are as follows:
means all laws applicable to any personal data processed under or in connection with the Contract, including:
all as amended, re-enacted and/or replaced and in force from time to time;
means the General Data Protection Regulation (EU) 2016/679; and
means any goods and/or services provided to Client under The Myers-Briggs Company Terms of Business.
The terms personal data; data controller; data processor; processing; and supervisory authority used in these DP Terms shall have the meaning given in the Data Protection Regulations.
The Myers-Briggs Company Technical and Organisational Measures
1.1 The Myers-Briggs Company’s Information Security Management System and Data Protection systems detail:
- Process and procedures;
- Roles and responsibilities;
- Assurance process;
- Risk assessment process including DPIAs; and
- Improvement plans.
1.2 The Myers-Briggs Company’s Physical Security measures include:
- The fitting of appropriate locks and other physical controls to the doors and windows of rooms where computers are kept, including swipecard entry;
- Physically securing unattended lap tops (eg by locking them in a secure drawer or cupboard);
- Ensuring control of and security of all removable media, such as removable hard-drives, CDs, floppy disks and USB drives, attached to business-critical assets;
- Destroying or removing all business-critical information from media such as CDs, and floppy disks before disposing of them;
- Ensuring that all business-critical information is removed from the hard drives of any used computers before disposing of them; and
- Storing back-ups of business-critical information off-site and/ or in a fire and water-proof container.
1.3 The Myers-Briggs Company’s Access Controls measures include:
- Using unique passwords, that are not obvious and change them regularly;
- Using complex password policies;
- Ensuring that employees understand good password security; and
- Auditing unauthorised logins.
1.4 The Myers-Briggs Company’s Security and Privacy Technologies include:
- Ensuring that all computers used have anti-virus software installed, and the virus definitions are updated at least once a week. All incoming and outgoing traffic is scanned for viruses, as are any disk or CD that is used, even where from a ‘trusted’ source. At least once a month, computers are scanned for viruses.
1.5 The Myers-Briggs Company’s awareness, training and security checks in relation to personnel include:
- Performing integrity checks on all new employees to ensure that they have not lied about their background, experience or qualifications;
- Giving all new employees a simple introduction to information security, and ensuring that they have read and understand The Myers-Briggs Company’s Information Security Policy and Data Protection Policy;
- Ensuring employees know where to find details of the Information Security standards and procedures relevant to their role and responsibilities;
- Ensuring that employees have access only to the information assets they need to do their jobs. If employees change jobs, we ensure that they do not retain access to the assets they needed for their old job. When dismissing employees, we ensure that they do not take with them any business-critical information;
- Ensuring that no ex-employees have access rights to The Myers-Briggs Company systems; and
- Ensuring employees know about the common methods that can be used to compromise systems.
1.6 The Myers-Briggs Company’s Incident/Response Management/Business Continuity include:
- Ensuring that employees understand what is meant by a Security Incident, being any event that can damage or compromise the confidentiality, integrity or availability of your business–critical information or systems;
- Ensuring that employees are trained to recognise the signs of Security Incidents;
- Ensuring that employees receive training on the need to notify anything which may be a sign of a Security Incident and are kept informed as to the identity of the person to whom such notifications should be made;
- Ensuring that if a Security Incident occurs, employees know who to contact and how;
- Having in place a Business Continuity Plan to assure business continuity in the event of a serious Security Incident. The Plan specifies:
- Designated people involved in the response;
- External contacts, including law enforcement, fire and possibly technical experts;
- Contingency plans for foreseeable incidents such as:
- Power loss;
- Natural disasters and serious accidents;
- Data compromise;
- No access to premises;
- Loss of essential employees;
- Equipment failure;
- Ensuring that the Business Continuity Plan is issued to all required employees and is tested at least once a year, regardless of whether there has been a Security Incident; and
- After every incident when the Business Continuity Plan is used, and after every test, re-examining and updating, where necessary, the Business Continuity Plan using the lessons learned.
- Auditing of who has access to its systems;
- Logging of such access to the systems; and
- Auditing of compliance with security procedures.
1.7 The Myers-Briggs Company’s Audit Controls/Due Diligence include:
Ensuring that appropriate security audit arrangements are in place including: