Investors in People Data Security / Protection FAQs

Is IIPCIC registered with the Information Commissioners Office?

Yes, registration number: ZA286529

Does IIPCIC have a Data Protection Policy?

Yes – please see the Data Protection Policy on our website:

Are IIP classed as a Data Processor?

No, IIP has a controller to controller relationship with our clients and Practitioners who deliver the IIP service. A data controller is an organisation that determines what data is needed, what can be done with it, and how to handle that data – we therefore need to process the data according to our processes, in particular the data used within our online assessment system.

What physical security controls are in place to protect personal data?
What maintenance programme/s do you have in place to ensure that your computer equipment and software is kept running smoothly and to fix any security vulnerabilities?
Is IIP certified in an industry accepted control standard?
Are your Information Security policies reviewed and updated periodically?
Do IIP employees receive data protection training?
Are IIP employees asked to sign a data protection policy as part of their terms and conditions of employment?
Are contractors and part‐ time/temporary employees bound by your information security policy, and confidentiality and/or non‐ disclosure agreements?
Do you use Antivirus software on all employee desktops, laptops, and servers?
What firewalls/network security are in place?
Do you perform periodic vulnerability scanning against your systems?
Can I request to see what personal data you hold about me?
Do you have a data breach process?
Who do I contact with questions about data protection?
Who is your Data Protection Officer?

IIP Assessment Survey

What information is collected from organisations?
What information is collected from participants on the IIP survey?
Can my organisation see my answers to the IIP survey?

No, all data is aggregated and anonymised removing any Personal Identifiable Information (PII) before being shared with your organisation and any third parties such as Practitioners, delivery partners (see Appendix 1) and other administrators. For the protection of small groups where data trends could be interpreted and linked back to individual submissions, aggregated group data is not shown until there are at least seven responses in the group in question.

Where is survey data, including personal data, stored and how is it kept secure?
How long is data stored for and when is it deleted? What happens when data is deleted/archived?
How/when is personal data moved and what measures are in place to ensure its security during transfer?
Can an organisation undertake the IIP survey without providing any of their staff personal data?
Do we share survey personal data with other organisations?
Who has access to Survey personal data?
How are permissions set to ensure only those who truly require it have access to survey data sets?

Appendix 1

Our Delivery Partners

  • IIP Scotland: This is Remarkable Limited
  • IIP Philippines: Inspiring Partners Inc


Ready to make work better? Complete the form below and one of our team will be in touch to discuss your accreditation enquiry.


Hopefully you found what you were looking for. We’re always releasing new content and scheduling events to tackle some of the hottest topics in the news right now, so do check back soon.

Have you considered how your organisation would benefit from becoming accredited? Let’s talk! You can book a meeting directly using the link below.

Already accredited?

Please email or phone us on 0300 303 3033 and we will deal with your enquiry promptly.