Cyber security

Pearson centres have a critical role to play in maintaining and improving cyber security to protect their learners and data. This page shares some general guidance on security best practice.

Edexcel Online password reset

In April 2024, as part of our ongoing drive to improve security, we enhanced the criteria for Edexcel Online passwords, which means you will need to reset your password next time you log in. Follow the password best practice guidance on this page when choosing your new password to ensure it’s as strong as possible and meets our criteria.

Question paper security

As we enter the May/June 2024 exam series, we have new on-demand training modules available on Pearson Development Hub for exams staff on GQ and BTEC question paper security. These modules provide the opportunity to understand question paper security and provide guidance on best practice following JCQ and Pearson guidelines when delivering series-based exams.

Access question paper security modules on Pearson Development Hub.

DfE and JCQ guidance

The Department for Education have detailed guidelines on cyber security standards for schools and colleges, and all centres should meet these standards.

Read the DfE's cyber security standards

The JCQ have produced a guidance document for centres covering account management and general cyber security best practice.

Download the JCQ guidance for centres on cyber security

Password best practice

A strong password is key to keeping any account secure. When making a password for use with Pearson systems there are some mandatory requirements. Your password must contain:

a mininum of 8 characters
at least one numerical characters
a mixture of upper and lower case letters.

On top of these mandatory requirements, we recommend taking some additional steps to ensure your password is as secure as possible.

Use special characters throughout your password. Edexcel Online accepts hyphens (-), underscores (_), @ signs and full stops (.) in your password and using these characters will make your password stronger.
Don't use personal information. Details like names or birthdays will be among the first things a malicious party will try if they have them.
Don't reuse passwords. We know our customers are likely to work with multiple organisations, all requiring separate login details, and more logins means more passwords to remember, so it's tempting to use the same password across multiple platforms. However, should your account be compromised on one system, it's likely that any login details that are reused elsewhere can be used to compromise your account on other systems using those same details.
The National Cyber Security Centre (NSCS) recommends using three random words, which allows passwords to be longer and harder to crack. Combine this tip with substituted special characters for a strong password.

Spotting genuine communications and phishing attempts

Emails from Pearson will always come from an @pearson.com email address. If you're suspicious, check the domain for misspellings such as "pearsons.com" or "parson.com".

Whenever possible, we will address an email to your first name, as given on your Edexcel Online account.

Pearson will never ask you for your login details, password or multi-factor authentication code, nor will we ever ask you to enter these from an email.

If you're suspicious about an email you've received, contact us via the Pearson support portal and we'll be able to confirm whether or not it's genuine.

Pearson support portal

Cyber attacks

If you suspect your centre has been the victim of a cyber attack, it's vital that you contact us as soon as possible. This will allow us to take action to ensure confidential data and materials are kept secure.

Pearson support portal