Prometric Becomes Security Benchmarks Member of the Center for Internet Security


Global High Stakes Exams Leader Utilizes Best Standard Practices for Internet Systems

Prometric, the global leader in secure high stakes testing, has become a Center for Internet Security (CIS) Security Benchmarks member.  Through its membership, Prometric further bolsters its cybersecurity defenses by leveraging CIS’ consensus-based, internationally recognized security configuration resources.

“Becoming a CIS Security Benchmarks member demonstrates our ongoing commitment to cyber security, ensuring that all data we control and share is under meticulous stewardship,” said Paul Forrester, Prometric’s Chief Technology Officer.  “The investments we make in our people, systems and procedures validate the trust given to doctors, teachers, accountants, engineers, auto technicians, and millions of other professionals around the world.  We have to get the job of cyber security right 100 percent of the time, and our CIS membership strengthens our defenses.”

CIS’ experts constantly refine industry-accepted best practice standards, known as benchmarks, for secure configuration of the most commonly used IT systems and technologies.  The CIS Security Benchmarks team provides members with tools for measuring information security status and resources for making informed security investment decisions.  Members include users and organizations from virtually every industry sector and every size, ranging from independent consultants to Fortune 500 companies.

“CIS Security Benchmarks are recommended as industry-accepted system hardening standards and are used by organizations in meeting compliance requirements for FISMA, PCI, HIPAA and other security requirements,” said Steve Spano, CIS President and Chief Operating Officer.  “We are excited to welcome Prometric as a CIS Security Benchmarks member, and look forward to collaborating with them to help enhance their cybersecurity posture.”

In addition to its CIS Security Benchmarks membership, Prometric holds a number of IT certifications, including:

  • ISO/IEC 27001:2013 ― Information Security Management System — Ensures Prometric meets and can evidence specific management controls, with focus on strict compliance and continuous improvement;
  • ISO/IEC 9001:2008 — Quality Management Standard ― Demonstrates that Prometric maintains an effective quality assurance system in the design and delivery of its services;
  • ANSI (American National Standards Institute) ― Attests to Prometric’s focus on service quality and fair test administration;
  • FISMA — As a U.S. federal government contractor, Prometric maintains compliance with the Federal Information Security Management Act of 2002, which requires federal agencies to develop, document and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of an agency;
  • SSAE16 ― Also known as a SOC 1 Report (Service Organization Controls), the Statement on Standards for Attestation Engagements verifies that Prometric meets the set of standards and controls defined by the American Institute of Certified Public Accountants (AICPA);
  • PCI-DSS ― Certification by the Payment Card Industry Data Security Standards demonstrates a special level of due diligence by Prometric in the hardening of systems and networks traversed by sensitive data to effectively secure financial information;
  • ISO/IEC 14001:2004 ― Environmental Management Standard (Certified) — This family of standards focuses on environmental management and ensures that organizations adhere to specific guidelines and practices to help minimize how their operations negatively impact the environment;
  • BS OHSAS 18001: 2007 — Occupational Health & Safety Standard ― Ensures Prometric meets occupational health and performance benchmarks worldwide;
  • CMMI Level 2 Compliant — Formulated by Carnegie Mellon’s Software Engineering Institute (SEI), Capability Maturity Model Integration (CMMI) is a process improvement training and appraisal program with a focus on software development, designed to encourage continuous improvements that result in quality outputs.

Center for Internet Security
The Center for Internet Security (CIS) is a 501(c)(3) organization dedicated to enhancing the cybersecurity readiness and response among public and private sector entities. Utilizing its strong industry and government partnerships, CIS combats evolving cybersecurity challenges on a global scale and helps organizations adopt key best practices to achieve immediate and effective defenses against cyber attacks. CIS is home to the Multi-State Information Sharing and Analysis Center (MS-ISAC), CIS Security Benchmarks, and CIS Critical Security Controls. To learn more please visit or follow us on Twitter at @CISecurity.

About Prometric
Prometric, a wholly-owned subsidiary of ETS, is a trusted and market-leading provider of technology-enabled testing and assessment. Committed to a set of values that get the right test to the right location at the right time and to the right test taker, Prometric supports candidates worldwide who take more than 9 million tests each year. Through innovation, workflow automation and standardization, Prometric advances test development and delivery solutions that are better, faster and at less expense for its clients.

Prometric delivers tests flexibly via the Web or by utilizing a robust network of more than 8,000 test centers in more than 160 countries and on behalf of more than 350 clients in the academic, financial, government, healthcare, professional, corporate and information technology markets.

For more information, please visit