
SOC 2: What You Need to Know about Data Security and Herrmann

For more than 40 years, Herrmann has been a leading voice in the Learning & Development space for protecting the data privacy and security of the millions of end users -- whom we refer to as Thinkers -- using our products around the world. We have always valued client data and have taken a strong stance on data security and privacy, including the view that only our end users should own their own personal data.

Today, our team is pleased to announce another significant milestone, the achievement of AICPA’s SOC 2 certification, which recognizes the data security excellence of the Herrmann technology platform that enables thousands of teams and organizations to create ongoing value from their cognitive diversity. The certification criteria are based on five rigorous “trust service principle” standards for managing customer data: security, availability, processing integrity, confidentiality and privacy.

Why is this important? As our society becomes ever more privacy conscious, Herrmann remains a step ahead in ensuring important protections. Unlike many companies that enable the use of low-validity assessment tools that can result in discriminatory hiring practices, or resell user account data for use in online advertising, Herrmann’s privacy standards ensure that only Thinkers and highly trained Certified Practitioners can use Thinker data for specific, limited and consented purposes. Beyond the legal and ethical considerations, we believe that there are important validity considerations in play: Thinkers will only provide truthful cognitive data as inputs into their profile if they know and can trust what is being done with it. This helps the profiles we generate maintain our industry’s highest face validity -- that is, confidence from the end user that the profile accurately and validly reflects what is going on inside their mind.

In addition to these standards, our new platform architecture was built from the ground up with privacy in mind, so that new features like annotated profiles, sharing and teams can be used with the confidence that your data is secure. Database administrators can manage individual access permissions at a granular level, and our Client Advocacy Team members regularly review and assist in maintaining best-in-class data structures.

“Looking forward, we will continue to prioritize our Thinkers’ data privacy,” says Karim Nehdi, CEO of Herrmann. “The importance of trust in today’s world cannot be overstated. We help Thinkers build trust in one another, their teams, and their organization, and our strong voice on data privacy helps reinforce that trust.”

We continue to believe transparency on these important topics, as well as meeting well-established security standards, is vital to maintaining trust. As a company, we are committed to staying at the forefront of data privacy protection, and will continue to evolve our approach as technologies, regulations and our clients’ needs change. You can always check out our privacy policy to learn the latest information on how we use any personal data that you provide to us (it is accessible from any page where we collect personal data). Have any questions? We’d love to hear them. Our privacy team can always be reached at


See prior related blog on Data Security and Herrmann: What You Need to Know About GDPR, Personal Info, and more


The four-color, four-quadrant graphic, HBDI® and Whole Brain® are trademarks of Herrmann Global, LLC.
