info icon
Open P-TECH is changing its name to IBM SkillsBuild for Students and Educators on July 7th.

Open P-TECH 
Security Standards

Overview

Trust and security are foundational to our company and how we engage with our clients and communities. Our IBM Corporate Social Responsibility team, in particular, pursues the highest standards of corporate responsibility in all we do. Therefore, personal data is handled with appropriate standards and care, and can be removed at any time by request.
To learn more, visit: IBM Trust Center

Details

Open P-TECH is built on IBM’s YourLearning platform, the internal learning platform for hundreds of thousands of IBMers around the world, which complies with rigorous global privacy and security standards: General Data Protection Regulation (GDPR) and ISO/IEC 27001.

General Data Protection Regulation (GDPR) is a regulation in the European Union on data privacy and protection that gives individuals much greater control over how organizations/ companies process or control the processing of their personal data. It is generally considered the most stringent data protection regulation and became a model for most countries around the world. The California Consumer Privacy Act (CCPA) has many similarities to GDPR.

ISO/IEC 27001* is an international standard on managing information security management systems (ISMS). Certification for ISO 27001 ensures that security is actively considered and managed in all aspects of the system.

For more questions, please contact us at advisor@ptech.org

Security standards FAQs

  • We collect as little information as possible to protect user privacy and comply with data privacy standards. For each user, we collect the following required Personally Identifiable Information (PII):

    — Name
    — Email address
    — School/org affiliation (any individual sign-up is marked “Not-Applicable”)
    — Country
    — (For students affiliated with a school/organization): Assigned teacher/administrator/mentor
    — (For teachers/admins affiliated with a school/organization): Students who are assigned to them in the system
    — Age range (above/below the age of consent in your particular country) • Note – We do not ask for a specific birthdate, so this is not considered Sensitive Personal Information. We only ask for a year of birth to ensure we comply with local age of Digital Consent laws.
    • Note – For students who are below the age of consent for a particular country, we also collect their parent/guardian email address in order to gather and document parental consent for minors to use Open P-TECH.

    — Unique id (a unique identifier generated by Open P-TECH)

    During registration, we collect the following optional information to better understand our user base as a whole. The individual information is never shared with anyone outside of the core Open P-TECH team.

    — (For students): Grade level
    — (For teachers/admins): Subject taught — How you heard about Open P-TECH

    Once users begin using the platform, we collect the following usage metrics by user to issue learning credit and credentials to our users. We also collect usage metrics to monitor the health of the platform and assess impact.

    — # of learning hours completed
    — badges earned
    — courses queued, in progress, or completed

    These metrics are anonymized and aggregated when shared externally. No other demographic information or sensitive PII beyond the above is collected at this time for the core Open P-TECH experience.
  • For users that have been approved to use our Virtual Mentoring Platform as part of their organizational mentoring program,vwe offer free access to the Chronus mentoring platform. Chronus is built-in to the Open P-TECH platform so users can access their Chronus instance through the Open P-TECH single-sign on for authentication. In GDPR terms, Chronus is the data processor, and IBM is the data controller. The data fields Open P-TECH passes to Chronus include: first name, last name, unique id, email, and school.

    Once a user is authenticated with Open P-TECH, they are expected to go to the Chronus platform to complete their profile for mentor/mentee pairing. At this point the user has left the Open P-TECH platform and is in the Chronus platform. Please note: Only users who have been approved by their school or organization have access to Chronus. Data is not shared with Chronus for any Open P-TECH user that is not been approved to use the mentoring functionality.
    Chronus Privacy Notice
    Chronus Terms and Conditions
  • Tribe is built into the Open P-TECH platform so that users can access the Tribe community through Open P-TECH single sign-on for authentication. In GDPR terms, Tribe is the data processor, and IBM is the data controller. Tribe is a community forum functionality that enables monitored conversations about specific technical and career topics of interest to our users.

    The data fields passed to Tribe include first name, last name, email address, and unique id. The data shown to other users of the Open P-TECH Tribe instance only includes first and last name (students are unable to add personal photos, location data, or show their email addresses).

    Students using Tribe will be searchable by their name and whether or not they have made or responded to a post. Posts and responses made by students are viewable by all other Open P-TECH participants if the post is in a public group, or viewable by a smaller, select group if made in a private group. All posts are automatically moderated by our Digital Success team on a daily basis.

    Tribe Privacy Notice
    Tribe Terms of Service
  • As mentioned above, we are compliant with the major international privacy laws that have been passed since 2016: Global Data Privacy Regulations, California Consumer Privacy Act, and more international laws that are coming into effect in the near future. Given the absence of a U.S. national data security law, it is difficult to explicitly address each and every local law regarding data privacy across the 50 states. However, we remain confident that our privacy and security practices likely meet or exceed the requirements of those laws. If you are from a state or locality that does have a specific data security law on the books, our legal team can review to ensure specific compliance. Please just reach out to our Open P-TECH point of contact for more details.
  • Since IBM is a global company in compliance with Global Data Privacy Regulations (GDPR), we store our data in Frankfurt, Germany.
  • We must share certain data with vendors in order to deliver the Open P-TECH platform. The specific data we share with Chronus and Tribe (two of our vendors that add value to the user experience on the platform) is articulated above. In certain cases, we also share name, email address, and unique ID with 3rd-party content vendors in order to give users credit for learning completed on partner platforms. We have data privacy agreements with all third parties, and any data shared is transmitted and received through secure, encrypted channels. In addition, all vendors are required to abide by our digital privacy agreements so that your data is handled securely.