Privacy and Security

At ESCO Institute, safeguarding private information stands as our foremost priority. We understand that the trust our clients place in us is paramount, and we are committed to maintaining the highest standards of privacy and security to protect this trust. This documentation provides comprehensive insights into ESCO Institute's privacy and security policies, which were duly approved by the ESCO Institute board on April 9, 2024. These policies govern all aspects of data collection and usage, ensuring that our practices align with legal requirements and industry best practices.

The scope of our privacy and security policies is extensive, covering various critical areas including data collection, data handling, access control, privacy protocols, hardware and software usage, and cloud solutions. These policies are designed to protect the personal and sensitive information of all individuals interacting with ESCO Institute and its affiliated entities. Any references to ESCO Institute within this documentation extend to all our affiliates, ensuring a unified approach to privacy and security across our organization.

By utilizing the ESCO Institute website, grading services, eLearning platforms, and other eCommerce services, users implicitly consent to the data practices delineated within this statement. We collect and utilize data to enhance the quality of our services, maintain operational efficiency, and ensure compliance with applicable regulations. Our commitment to privacy and security involves continuous monitoring and improvement of our systems and protocols to address emerging threats and vulnerabilities.

Our policies detail specific measures such as the implementation of multifactor authentication, rigorous access control mechanisms, regular security training for employees, and the use of advanced encryption technologies to protect data. We also emphasize the importance of secure hardware and software practices, ensuring that all tools and applications used within ESCO Institute meet stringent security standards.

In conclusion, ESCO Institute's privacy and security policies reflect our unwavering commitment to protecting personal information and maintaining the integrity of our services. We are dedicated to fostering a secure environment where our clients and users can confidently engage with our platforms, knowing that their information is protected by robust and comprehensive security measures.


Access Control

At ESCO Institute, we prioritize the security and integrity of our data and systems through robust access control measures. To ensure a secure working environment, the following policies have been implemented and are strictly enforced.

ESCO Institute maintains continuous monitoring of employee workstations for activity. This proactive approach helps detect any unauthorized access or unusual activity in real time. It is mandatory for all employees to log out when they are away from their workstations. To reinforce this policy, any inactive workstations are automatically logged out after a period of inactivity. This minimizes the risk of unauthorized access during an employee's absence.

To enhance the security of our systems, the ESCO Institute Information Technology Team requires the use of multifactor authentication for all team members when logging into their accounts. Multifactor authentication adds an additional layer of security by requiring not just a password but also a second form of verification. This significantly reduces the risk of unauthorized access, even if a password is compromised.

Workstations that are left unmonitored are considered inactive and will be automatically logged out to prevent unauthorized access. This policy ensures that no sensitive information or systems are left accessible without proper supervision.

The ESCO Institute has established strict permissions to ensure that only authorized personnel can modify or override access control settings. These permissions are assigned based on an employee's role and responsibilities within the organization. By adhering to the principle of least privilege, we ensure that employees only have access to the resources necessary for their specific job functions.

In conclusion, the access control policies at ESCO Institute are designed to protect our systems and data from unauthorized access and potential security threats. By implementing continuous monitoring, mandatory logouts, multifactor authentication, and stringent permission assignments, we ensure that our work environment remains secure and that our sensitive information is well-protected.


Acceptable Use

At ESCO Institute, ensuring the security of our information is paramount. To achieve this, we have implemented comprehensive information security training for all employees. This training not only covers general security practices but also focuses specifically on protecting Personally Identifiable Information (PII).

During the security training sessions, employees are educated about the various types of cyber threats, with a special emphasis on social engineering and phishing attempts. These are common tactics used by cybercriminals to gain unauthorized access to sensitive information.

The training modules are designed to be interactive and engaging, providing practical examples and simulations to help employees recognize red flags and suspicious activities. Through vulnerability analysis and simulated phishing exercises, employees are given the tools and knowledge to detect and respond effectively to potential threats.

Our goal is not just to check off a box with training but to empower every employee to be vigilant and proactive in safeguarding our organization's data and the privacy of our customers. By instilling a culture of security awareness and providing ongoing education, ESCO Institute ensures that our workforce remains a strong defense against cyber threats.


Automatically Collected Information

As part of our commitment to maintaining the highest standards of privacy and cybersecurity, ESCO Institute may automatically collect certain information about your computer hardware and software when you use our services. This information includes, but is not limited to:

  • IP address
  • Browser type
  • Domain names
  • Access times
  • Referring website addresses

The purpose of collecting this information is multifaceted. Primarily, it aids in the operation and improvement of our services. By understanding how our systems are accessed and used, we can maintain the quality and reliability of our offerings, ensuring a seamless and efficient user experience.

Additionally, this data helps us perform general statistical analyses regarding the use of the ESCO Institute website. These analyses provide insights into user behavior and preferences, enabling us to tailor our services to better meet the needs of our customers.

The information collected is utilized solely for these operational purposes and is safeguarded to prevent unauthorized access or misuse. By using our website and services, you consent to the collection and use of this information as outlined in this policy.


Changes to Cyber Security and Policies

ESCO Institute recognizes the dynamic nature of cyber security threats and the need for continuous improvement in our security practices. Therefore, we reserve the right to revise our security policies at any time to address emerging threats and enhance protection measures.

In the event of significant changes that affect the way we treat personal information, ESCO Institute is committed to notifying you promptly. This notification will be carried out through one or more of the following methods:

  • A notice will be sent to the primary email address associated with your account, informing you of the modifications to our privacy and security policies.
  • We will place a prominent notice on our website, alerting visitors and users about the changes to our privacy practices.
  • The privacy information page on our website will be updated to reflect the revised policies.

Your continued use of the ESCO Institute website and services after such modifications will signify your acknowledgment and acceptance of the modified Privacy Policy. By agreeing to abide by the updated policy, you demonstrate your commitment to complying with our privacy and security standards.

We value transparency and strive to keep you informed about any changes that may impact your privacy rights and data protection. Your trust is paramount to us, and we are dedicated to maintaining a secure and trustworthy environment for all our users.


Children Under Eighteen

ESCO Institute acknowledges the importance of protecting the privacy and safety of children under the age of eighteen (minors) who may interact with our services.

Minors may be required to provide personal information, such as their full name, contact details, and other relevant information, in the context of closed-book examinations mandated by regulatory bodies like the United States Environmental Protection Agency (EPA) or other industry organizations.

It is our policy that minors under the age of eighteen must seek parental or guardian permission before using our website for testing or learning purposes. This ensures that parents or guardians are aware of and can oversee the collection and use of their child's personal information in accordance with applicable laws and regulations, including the Children's Online Privacy Protection Act (COPPA).

ESCO Institute is committed to complying with COPPA and other relevant privacy laws governing the collection, use, and disclosure of personal information from children. We do not knowingly collect or solicit personal information from minors without consent, and we take steps to safeguard the privacy and security of minors' data when it is necessary for educational or regulatory purposes.

Parents or guardians who have concerns about their child's use of our website or the collection of their personal information can contact us for more information. We strive to create a safe and secure online environment for all users, including minors, and appreciate parental cooperation in protecting children's privacy rights.


Collection of Personal Data

To provide you with products and services offered on our site, ESCO Institute may collect personally identifiable information, such as your:

  • First and Last Name
  • Mailing Address
  • Email Address
  • Phone Number
  • Social Security number, or another approved unique identifier
  • Billing and credit card information if you use and/or purchase ESCO Institute products and services

The information collected is used for identification purposes and/or to complete the purchase transaction. ESCO Institute does not gather personal information unless voluntarily provided by you. However, certain services or products may require specific personal information, such as when:

  • Registering for an account on our site
  • Taking an examination
  • Signing up for special offers from selected third parties
  • Submitting payment information when ordering and purchasing products and services

ESCO Institute utilizes this information to communicate with you regarding requested services and products. Additionally, we may collect additional information in the future to improve our services and enhance your user experience. Rest assured, we prioritize the security and confidentiality of your personal information and adhere to applicable data protection regulations.


Data Breach Response

At ESCO Institute, safeguarding sensitive data and ensuring data privacy are paramount. Our Data Breach Response Policy outlines the steps we take to promptly address and mitigate any potential data breaches or exposures.

Any threat of data leakage, whether identified by artificial intelligence or an ESCO Institute employee, must be reported immediately to our Information Technology Team. Upon receiving a report, our team will initiate a thorough investigation to ascertain the nature and scope of the incident.

The Information Technology Team investigates all reported thefts, data breaches, and exposures to determine if a theft, breach, or exposure has indeed occurred. This investigation is conducted swiftly and meticulously to minimize potential damage and protect sensitive information.

If a data breach or exposure containing ESCO Institute protected data is confirmed, our Information Technology Team takes immediate action to contain the incident. This includes removing access to the affected resource to prevent further unauthorized access or data compromise.

ESCO Institute has cyber insurance coverage that provides access to forensic investigators and experts. These professionals conduct a comprehensive analysis to determine the root cause of the breach or exposure, assess the number of individuals impacted, and analyze the extent of the breach.

In the event of a confirmed data breach or exposure, ESCO Institute prioritizes transparency and communication with affected individuals. We notify impacted individuals in writing, providing details about the incident, the potential impact on their data, and steps they can take to mitigate any risks.

ESCO Institute is committed to continuous improvement in data security practices. Following a data breach incident, we will conduct a thorough post-incident analysis to identify areas for improvement and implement corrective measures to enhance our security posture.

Our Data Breach Response Policy aligns with regulatory requirements and legal obligations related to data breaches. ESCO Institute complies with all relevant laws and regulations governing data protection, privacy, and breach notifications.

ESCO Institute's Data Breach Response Policy reflects our commitment to proactive data protection measures, swift response to incidents, transparent communication, and continuous improvement. We prioritize the security and privacy of our stakeholders' data and remain vigilant in safeguarding against data breaches and exposures.


Data Retention

ESCO Institute diligently adheres to data retention regulations established by the United States Environmental Protection Agency (EPA), obligating the preservation of all records for a minimum of three years. In addition to regulatory compliance, ESCO Institute has implemented a policy of perpetual data retention. This practice guarantees the perpetual availability of historical data, ensuring that we can efficiently meet our clients' needs and comply with regulatory standards.

Our commitment to data retention encompasses a wide range of records, including client information, transaction histories, and communications. These records are securely stored and maintained to safeguard against unauthorized access, data breaches, or loss.

This Data Retention Policy embodies our dedication to data integrity, security, and regulatory compliance. By retaining records indefinitely, we enhance our ability to provide comprehensive support and meet the evolving needs of our clients while upholding stringent privacy and cybersecurity standards.

We conduct regular reviews and updates of our data retention practices, ensuring alignment with evolving regulatory requirements and industry best practices. These efforts underscore our commitment to maintaining the highest standards of data management, security, and privacy protection.

ESCO Institute's Data Retention Policy serves as a cornerstone of our commitment to transparency, accountability, and client-centric service delivery. We strive to uphold the trust and confidence of our clients by safeguarding their information with the utmost care and diligence.


Disaster Recovery

The ESCO Institute Information Technology Team plays a pivotal role in overseeing business continuity management and disaster recovery activities. Central to our planning efforts is the business continuity management plan, which forms the foundation of our strategies.

Our infrastructure's nucleus resides within a meticulously designed, constructed, and maintained data center. This facility adheres to a defense-in-depth strategy, incorporating stringent physical security measures to safeguard services and data from natural calamities and unauthorized access. Moreover, we have implemented redundancy across hardware, network components, and within the data center itself, ensuring robust reliability during most foreseeable incidents.

This plan covers all IT infrastructure, business-critical applications, and key operational areas of ESCO Institute including, but not limited to:

  • An event that significantly disrupts operations, including natural disasters (earthquakes, floods), cyberattacks, hardware failures, and human errors.
  • The maximum acceptable length of time that ESCO Institute business-critical applications can be offline before causing significant damage.
  • The maximum acceptable amount of data loss measured in time, representing the age of the data that must be recovered to resume normal operations.

The ESCO Institute Information Technology Team oversees disaster recovery operations, coordinates with team members, and communicates with senior management. They are responsible for technical recovery procedures and for restoring data and systems. Senior management will communicate information as needed to the clientele.

RTO and RPO for Critical Systems:

  • ERP System: RTO 4 hours, RPO 30 minutes.
  • Email System: RTO 2 hours, RPO 15 minutes.
  • Customer Database: RTO 1 hour, RPO 5 minutes.
  • Ensure minimal disruption to customer service, maintain compliance with regulatory requirements, and protect organizational reputation.

Email

ESCO Institute provides email accounts to employees solely for the purpose of supporting our customers. All emails must adhere to proper business practices and be relevant to the employee's specific job duties.

The use of ESCO Institute email addresses or systems is strictly prohibited for creating, distributing, or accessing any offensive or illegal material, including but not limited to content with offensive comments related to gender, race, age, sexual orientation, or religious beliefs. Any offensive material received via email must be promptly reported to Human Resources.

Emails sent to ESCO Institute email addresses may not be automatically forwarded to email addresses not owned or operated by ESCO Institute or its affiliates. Additionally, emails must not contain sensitive or confidential information.

ESCO Institute reserves the right to monitor and record all email messages sent or received through email addresses or systems owned or operated by the company. While not actively monitoring all email activity, ESCO Institute retains the right to do so.

As part of our employee security awareness training, employees are prohibited from clicking on attachments or links in unsolicited emails or from unknown sources. Any suspicious emails should be forwarded to the Information Technology Team for review.


Email Communication

ESCO Institute occasionally communicates with individuals via email to share test results, invoices due, order confirmations, reporting for accreditation, regulatory changes, industry news, events, announcements, promotional offers, alerts, surveys, and other relevant information. This communication aims to keep our partners, clientele, and industry stakeholders informed.

However, we respect your preferences regarding marketing or promotional communications. If you wish to stop receiving non-essential emails, you have the option to opt out of these communications. Simply follow the unsubscribe instructions provided in the email footer or contact us directly to update your communication preferences. Please note that you cannot opt out of emails pertaining to proctorship, regulatory updates, and billing.

ESCO Institute is committed to maintaining transparency and respecting the choices of our recipients when it comes to email communication. We strive to ensure that our communication practices align with regulatory requirements and industry standards for email marketing and promotional content.

By providing clear instructions for opting out of email communications, ESCO Institute aims to empower individuals to manage their preferences effectively. We value your privacy and aim to create a positive communication experience that meets your needs and expectations.


Encryption

ESCO Institute places a strong emphasis on data security and employs advanced encryption techniques to safeguard sensitive information. Our encryption protocols encompass various aspects of data handling to ensure comprehensive protection:

  • We utilize robust encryption algorithms to safeguard data, ensuring its confidentiality and integrity.
  • Industry-standard encrypted transport protocols are implemented for data transmitted between user devices, the ESCO Institute database, and within our data centers. This secures data during transmission, mitigating the risk of interception or unauthorized access.
  • We adhere to best practices recommended by industry bodies such as OWASP (Open Web Application Security Project) and NIST (National Institute of Standards and Technology). These standards guide our encryption strategies, ensuring compliance and robust security measures.
  • All API communications within ESCO Institute utilize HTTPS (TLS 1.2) protocols, which encrypt data exchanges between systems, enhancing the security of data transfer processes.
  • Our database employs AES-256 encryption to protect data at rest. This encryption standard provides a high level of security, rendering data unreadable to unauthorized entities even when stored on disk or in storage systems.
  • The ESCO Institute database is hosted on a dedicated server infrastructure. This dedicated environment further enhances security by isolating data.

These encryption measures are implemented comprehensively across our systems to ensure that all data handled by ESCO Institute is securely protected against unauthorized access, breaches, and data compromises. We continuously monitor and update our encryption practices to align with evolving security standards and mitigate emerging threats effectively.


External Data Storage Sites

ESCO Institute may store your data on servers provided by third-party hosting vendors with whom we have contracted. These vendors are selected based on stringent security and privacy criteria to ensure that your data remains protected and compliant with relevant regulations. We maintain strict agreements and protocols with these vendors to safeguard the confidentiality, integrity, and availability of your data throughout its storage lifecycle. Regular audits and assessments are conducted to ensure that our third-party vendors adhere to the same high standards of data security and privacy as ESCO Institute.


Identity Based Access

ESCO Institute prioritizes the security and privacy of your data, especially when utilizing third-party hosting vendors for data storage. These vendors undergo rigorous scrutiny and selection based on stringent security and privacy criteria. Our goal is to ensure that your data always remains protected and compliant with relevant regulations.

To safeguard the confidentiality, integrity, and availability of your data throughout its storage lifecycle, ESCO Institute maintains strict agreements and protocols with these third-party vendors. These agreements outline the security measures, data handling practices, and compliance requirements that vendors must adhere to. Our team monitors and enforces these agreements regularly to uphold the highest standards of data protection.

Regular audits and assessments are integral parts of our monitoring process. We conduct thorough evaluations of our third-party vendors to verify their adherence to ESCO Institute's security and privacy standards. These audits include reviewing security protocols, data encryption practices, access controls, and compliance with industry regulations.

By partnering with reputable and compliant third-party hosting vendors, ESCO Institute ensures that your data is in safe hands. We take proactive measures to mitigate risks and continuously improve our data protection strategies. Our commitment to transparency and accountability extends to our vendor relationships, ensuring that your data remains secure throughout its lifecycle.


Incident Response Plan

ESCO Institute's Incident Response Plan is a structured framework designed to effectively address and manage security incidents within our organization. Its phases include, but are not limited to, preparation, detection and analysis, containment and eradication, recovery, and post-incident analysis.

Key components:

  • ESCO Institute defines roles and responsibilities, establishes communication channels, and identifies critical assets and potential vulnerabilities to prepare for security incidents.
  • The plan outlines methods for promptly detecting security incidents through automated monitoring tools, user reports, or other means. Incidents are then analyzed to determine their scope, impact, and root cause.
  • ESCO Institute takes swift action to contain security incidents, preventing further damage or data loss. This may involve isolating affected systems, shutting down compromised services, or taking other measures to halt the incident's progression. Subsequently, efforts focus on eradicating the threat entirely.
  • ESCO Institute's plan includes procedures for restoring affected systems, data, and services to normal operations. This involves restoring backups, applying patches or updates, and verifying system integrity before resuming operations.
  • After resolving the incident, ESCO Institute conducts a thorough analysis to review the response process, identify areas for improvement, and implement corrective actions. This analysis strengthens our incident response capabilities for future incidents.
  • Throughout the incident response process, ESCO Institute maintains detailed documentation, including incident reports, actions taken, lessons learned, and follow-up actions. These records are vital for regulatory compliance, internal audits, and continuous improvement of our IRP.

ESCO Institute regularly tests, trains, and updates the Incident Response Plan to ensure readiness and resilience against evolving security threats. Our tailored approach considers the organization's size, industry regulations, threat landscape, and available resources, ensuring an effective response to security incidents.


Information Security Policy

The ESCO Institute prioritizes privacy and the protection of information as fundamental aspects of our operations. As part of our information risk management strategy, we are committed to preventing or reducing the probability of unauthorized access, use, disclosure, disruption, deletion, corruption, modification, inspection, or recording of sensitive information.

To achieve these goals, we adhere to best practice standards in the following areas:

  • Information Security Policies: Regularly updated to address emerging threats and ensure compliance with industry standards.
  • Password Strength: Enforcing strong password policies to protect against unauthorized access.
  • Access Controls: Implementing strict access control measures to ensure that only authorized personnel can access sensitive information.
  • Firewalls: Utilizing advanced firewall technologies to protect our network from external threats.
  • Security Awareness: Providing ongoing training and awareness programs to educate employees about cybersecurity best practices.
  • Audits: Conducting regular security audits to identify vulnerabilities and ensure compliance with security policies.

In the event of a security incident, our Information Technology Team is prepared to respond immediately to mitigate the issue and reduce its negative impact. This proactive approach ensures that ESCO Institute remains resilient against potential threats and continues to safeguard the privacy and security of all information.


Information Technology Team

At ESCO Institute, we understand that security threats are constantly evolving, and so must our measures to counter them. Our Information Technology Team is at the forefront of this ongoing battle, ensuring that our practices and protocols are always up to date and robust. Guided by the National Institute of Standards and Technology (NIST) Special Publication 800-174 on cybersecurity, we are dedicated to safeguarding our information assets through a comprehensive and adaptive approach.

Our commitment begins with rigorous risk management. We conduct regular risk assessments to identify, prioritize, and mitigate potential security threats. This proactive stance allows us to adapt our strategies to new and emerging threats, ensuring that our defenses remain strong and responsive.

Access control is another cornerstone of our security framework. We have implemented strict measures to ensure that only authorized personnel can access sensitive information. Through role-based access controls, we limit access based on job responsibilities, thereby minimizing the risk of unauthorized data exposure.

In the event of a security incident, our comprehensive incident response plan enables us to act swiftly and effectively. Regular training and simulations ensure that our Information Technology Team is always prepared to respond to incidents, reducing potential damage and restoring normal operations as quickly as possible.

Protecting data is paramount. We employ advanced encryption and data loss prevention technologies to safeguard sensitive information. Our data protection measures are continuously reviewed and updated to align with best practices, ensuring that we stay ahead of potential vulnerabilities.

A key element of our strategy is fostering a culture of cybersecurity within the organization. We provide continuous security awareness training for all employees, ensuring they are informed about current threats and best practices to mitigate them. This training helps embed a security-first mindset across all levels of the organization.

To maintain the highest standards of security, we conduct regular audits to ensure compliance with NIST 800-174 guidelines and our internal policies. These audits not only help us identify areas for improvement but also guide us in implementing corrective actions to enhance our security posture.

Monitoring and continuous improvement are integral to our approach. We actively monitor network traffic and system activity for any signs of suspicious behavior or potential breaches. This vigilance allows us to respond quickly and effectively to any threats that arise.

The Information Technology Team at ESCO Institute is responsible for developing, implementing, and maintaining our information security policies and procedures. This includes managing access controls, coordinating incident response efforts, providing security awareness training, and ensuring compliance with NIST 800-174 guidelines through regular audits.

By adhering to these stringent policies and best practices, ESCO Institute is committed to protecting our information assets against ever-evolving security threats. Our ongoing efforts ensure the confidentiality, integrity, and availability of our data, safeguarding the trust and confidence of our stakeholders.


Links

ESCO Institute provides links to external sites for additional resources. However, ESCO Institute does not control or endorse the content or privacy practices of these sites. Users should be aware that clicking on external links will direct them away from the ESCO Institute website. It is recommended that users read the privacy statement of any site that collects personally identifiable information to understand their policies. ESCO Institute is not responsible for any content or practices on external sites.


Next-Generation Persistent Threat Monitoring

At ESCO Institute, we employ next-generation persistent threat (NGPT) monitoring to ensure the highest level of security. Utilizing advanced tools such as SentinelOne and Blackpoint Cyber (SnapAgent), along with other resources determined by our Information Technology Team, we continuously protect our systems from potential threats. Our commitment to robust cybersecurity practices guarantees the safety and integrity of our data and infrastructure, providing peace of mind to our stakeholders and maintaining our reputation for excellence in security.


Organizational Contact Information

ESCO Institute welcomes your questions or comments regarding these privacy and security policies. If you have any questions, contact ESCO Institute by phone at 1-800-726-9696 or by email at customerservice@escogroup.org. If you are looking to contact a specific person, you can use our organizational chart.


Physical Security

At ESCO Institute, data security extends beyond digital safeguards. Our data is stored in a highly secure, encrypted database housed within a state-of-the-art data center. This facility is meticulously designed, built, and managed with a defense-in-depth strategy. Rigorous physical security measures are in place to protect against natural disasters and unauthorized access.

Physical security includes controlled access points, surveillance systems, intrusion detection mechanisms, and environmental controls to mitigate risks such as fires or floods. Additionally, stringent protocols are followed to ensure only authorized personnel have physical access to the data center. These comprehensive physical security measures complement our robust digital security protocols, providing a layered defense approach to safeguarding services and data.


Remote Access

At ESCO Institute, safeguarding our data and systems remains a top priority, especially in remote work scenarios. To uphold the highest standards of security, all employees working remotely, whether from home or during travel, are required to connect to the ESCO Institute network exclusively through our virtual private network (VPN). This VPN connection establishes a secure and encrypted channel, preventing unauthorized access to sensitive information.

Accessing the VPN also necessitates multifactor authentication, an essential security measure endorsed by our Information Technology Team. The multifactor authentication solutions we employ undergo rigorous vetting to ensure they meet stringent security criteria, providing an additional layer of protection against unauthorized access attempts.

Employees are responsible for maintaining a secure remote work environment in compliance with ESCO Institute's security protocols. This includes using secure Wi-Fi networks, avoiding public or unsecured connections, and regularly updating antivirus software on their devices.

Any issues or security concerns encountered during remote work must be promptly reported to the Information Technology Team for immediate investigation and resolution. Our proactive approach to remote access security ensures that potential threats are addressed swiftly, minimizing risks to our data and systems.

By adhering to these guidelines and leveraging secure remote access technologies, ESCO Institute maintains the integrity and confidentiality of our data, regardless of the location from which our employees operate. Our commitment to robust remote access security safeguards our organization against cyber threats and underscores our dedication to protecting sensitive information.


Security Awareness Training

At ESCO Institute, we recognize that the human element is often the weakest link in cybersecurity. To address this, Security Awareness Training is a mandatory requirement for all employees. This comprehensive training initiative is designed to educate employees, monitor their understanding, and conduct ongoing susceptibility analyses. The primary goal is to equip every employee with the necessary tools to detect and respond effectively to social engineering and phishing attempts, thereby enhancing our overall security posture.

Our training covers a wide range of topics, including identifying phishing emails, recognizing social engineering tactics, understanding the importance of strong passwords, and best practices for handling sensitive information.

Employees engage in interactive modules that provide practical examples and simulations of potential security threats. These modules are designed to be engaging and informative, ensuring that employees retain the knowledge they acquire.

As part of the training, we run harmless simulations of real ransomware and cyber infections. These simulations do not use any real files but test various infection scenarios. This practical approach helps employees experience and respond to potential threats in a controlled environment.

We monitor employees’ responses to these simulated attacks to assess their understanding and identify vulnerabilities. This analysis helps pinpoint areas where additional training is needed, ensuring a targeted approach to improving our security defenses.

Security threats evolve constantly, and so does our training program. We regularly update the training content to reflect the latest threats and best practices. Employees are required to participate in refresher courses and new training modules as they become available.

  • All employees must complete the initial security awareness training upon hiring and participate in ongoing training sessions as required.
  • Managers are responsible for ensuring their team members complete the necessary training and apply what they have learned in their daily tasks.
  • The IT team develops and updates the training content, monitors the effectiveness of the training, and provides additional resources as needed.

Completion of security awareness training is tracked, and compliance is enforced. Employees who fail to complete mandatory training or demonstrate non-compliance with security protocols may face disciplinary actions, including restricted access to certain systems or termination.

By mandating Security Awareness Training, ESCO Institute aims to create a vigilant and informed workforce capable of protecting our organization from evolving cyber threats. This proactive approach ensures that all employees contribute to maintaining a secure and resilient information environment.


Security of your Personal Information

ESCO Institute prioritizes the security of your personal information to prevent unauthorized access, use, or disclosure. We employ the SSL (Secure Sockets Layer) protocol, a standard security technology, to encrypt data transmitted between your device and our servers. This encryption ensures that your sensitive information, such as personal details and payment data, remains confidential and protected during transmission.

While ESCO Institute takes robust security measures to safeguard your personal information, it's essential to acknowledge that no system or transmission method can guarantee 100% security due to inherent limitations in Internet technology and wireless networks. Despite our best efforts, factors beyond our control, such as cyber threats or vulnerabilities, may pose risks to the security, integrity, and privacy of data exchanged through our website or services.

We continuously review and enhance our security protocols to address emerging threats and vulnerabilities proactively. Additionally, we implement industry best practices and comply with relevant security standards to ensure the highest level of protection for your personal information.

By using our website or services, you agree to the inherent security and privacy limitations associated with Internet technology. ESCO Institute remains committed to maintaining the confidentiality and security of your data, and we encourage you to contact us if you have any security concerns or questions regarding the protection of your personal information.


Secure Software and Applications

At ESCO Institute, ensuring secure software and applications is a critical component of our privacy and cybersecurity policy. Our employees are required to uphold strict confidentiality agreements regarding all data they handle. Internal tools and applications include data protection notices to remind employees and data handlers of their responsibility for safeguarding sensitive information. Access to install software, updates, and patches is restricted to authorized members of the Information Technology Team. This protocol helps maintain the integrity and security of our systems, reducing the risk of unauthorized access or data breaches. We are committed to implementing robust security measures to protect the privacy and confidentiality of all data within our organization.


Third-Party Assessment Audits

At ESCO Institute, our commitment to privacy and security extends to regular review audits conducted with the assistance of third-party experts. These audits are instrumental in ensuring ongoing compliance with regulations and industry standards while facilitating continuous improvement in our security measures.

Third-party assessors bring a wealth of experience and an objective viewpoint to our audits. They meticulously evaluate our systems, networks, and data protection protocols against established benchmarks and best practices. This comprehensive assessment covers various aspects, including access controls, encryption standards, incident response plans, and employee security training.

The audits serve as a robust mechanism to identify potential vulnerabilities and areas of non-compliance. Detailed reports provided by the assessors offer valuable insights into our security posture, highlighting strengths and areas for improvement. The Information Technology Team plays a pivotal role in implementing recommended enhancements and addressing identified risks promptly.

Our audit process is designed to be thorough and proactive. It involves continuous monitoring, periodic assessments, and proactive risk management strategies. By regularly reviewing and enhancing our security measures, we strive to stay ahead of emerging threats and ensure the protection of sensitive data belonging to our stakeholders.

Ultimately, these regular review audits reinforce our commitment to maintaining the highest standards of privacy and security across all facets of our operations. They provide assurance to our customers, partners, and regulatory bodies that ESCO Institute takes data protection seriously and continuously works towards strengthening


Tracking User Behavior

ESCO Institute may track user behavior within our platform to analyze which services are most popular among our users. This data helps us deliver personalized content and targeted advertising to customers who have shown interest in specific products or services. We use this information to enhance user experience and provide relevant recommendations based on user preferences and behavior patterns. Our tracking practices are aimed at improving our services and ensuring that users receive content tailored to their interests and needs.


Threat Protection

At ESCO Institute, we prioritize threat protection as a critical aspect of our data security strategy. Our incident response process is designed to swiftly and effectively address any potential security threats. We maintain 24/7 monitoring of endpoints to predict, detect, assess, and mitigate potential security incidents. If a security breach is detected, our incident response process is immediately activated.

Our incident response process involves tracking the specifics of the incident, including what occurred, which data was accessed, who accessed it, and when. This detailed analysis helps us understand the nature and extent of the breach, enabling us to take appropriate action. The Information Technology Team leads the response efforts and may suspend affected resources until the situation is fully resolved and security is restored.

ESCO Institute is committed to maintaining a proactive stance against security threats and continuously improving our incident response capabilities. By promptly addressing security incidents, we aim to minimize potential risks, protect sensitive data, and uphold the trust and confidence of our users and stakeholders in our security measures.


Use of Cookies

The ESCO Institute website may use “cookies” to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. You can accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the features of the ESCO Institute services and/or websites you visit.


Use of your Personal Information

ESCO Institute collects and uses your personal information to deliver the services you have requested. Additionally, ESCO Institute may use your personal information to inform you about regulatory updates, industry news, events, and other products or services available from ESCO Institute and its affiliates.

© ESCO Group 2024 All rights reserved

P.O. Box 521, Mt. Prospect, IL 60056

Telephone: (800) 726-9696 • Fax: (800) 546-3726