Information Security & Confidentiality Policy

LanguageStat (LS)

1. Purpose

LanguageStat is committed to protecting candidate data, client information, and proprietary testing materials. This policy establishes the security controls required to ensure the confidentiality, integrity, and availability of all information handled within LanguageStat’s testing environment.

2. Scope

This policy applies to:

  • Employees, contractors, and testers

  • Any device used to access LanguageStat systems

  • All test content, candidate data, scoring systems, and internal communications

  • Clients and partners interacting with LanguageStat systems (as applicable)

3. Policy Statement

LanguageStat maintains an information security framework approved by management and communicated to all relevant stakeholders through onboarding, agreements, and operational procedures.

4. Confidentiality & Data Protection

4.1 Confidentiality of Test Materials

All testing materials are strictly confidential and proprietary. Personnel must:

  • Not share, copy, record, or distribute test content

  • Not discuss test materials outside authorized LanguageStat personnel

  • Not reuse test content for personal or professional purposes

4.2 Candidate Data Protection

  • Candidate personal and performance data must be treated as confidential

  • Access is restricted to authorized personnel only

  • Data may only be used for testing and evaluation purposes

4.3 Data Handling & Retention

  • Test materials must not be downloaded, stored, or retained unless explicitly required

  • Temporary files must be deleted immediately after use

  • Data must be securely stored and deleted when no longer needed

5. Device & System Security

5.1 Device Security Requirements

All devices used for testing must:

  • Be password-protected with strong credentials

  • Automatically lock after inactivity

  • Not be shared with unauthorized individuals

  • Have up-to-date operating systems and security patches

  • Use antivirus/anti-malware protection

5.2 Encryption

  • Full disk encryption must be enabled where available

  • Sensitive data must not be stored unencrypted

5.3 Access Control

  • Use only authorized LanguageStat accounts and systems

  • Login credentials must never be shared

  • Multi-factor authentication (MFA) must be enabled where available

  • Suspected unauthorized access must be reported immediately

6. Network & Operational Security

  • Use secure, private internet connections only

  • Avoid public Wi-Fi unless properly secured (e.g., VPN)

  • Do not access systems on unsecured or unknown networks

7. Prohibited Activities

Personnel are strictly prohibited from:

  • Recording (audio, video, or screenshots) any part of a test

  • Using AI tools or external assistance unless explicitly permitted

  • Storing test materials locally beyond active sessions

  • Allowing unauthorized individuals to view or access test content

8. Secure Communication

  • Sensitive information must only be shared through approved channels

  • Identity verification is required before sharing candidate or client data

9. Incident Reporting

All personnel must immediately report:

  • Lost or stolen devices

  • Suspected data breaches or leaks

  • Unauthorized access attempts

  • Accidental exposure of confidential materials

10. Training & Communication

Security expectations are communicated through:

  • Onboarding and training programs

  • Confidentiality agreements (NDA)

  • Internal documentation and procedures

11. Compliance & Enforcement

Violations of this policy may result in:

  • Immediate termination of contract or employment

  • Legal action where applicable

12. Acknowledgment

All personnel must confirm:

  • They have read and understood this policy

  • They agree to comply with all requirements

13. Management Approval & Review

This policy is approved by LanguageStat management and reviewed periodically to ensure alignment with evolving security risks and industry best practices.