Security

Compass employs these security commitments consistent with industry best practices to maintain the confidentiality, integrity, and availability of data resources:

 

IT Security Policies

  • The company maintains relevant IT Security policies on our intranet for associate reference. The policies are updated annually.

Data Center

  • All production servers are housed in our secure data center. This data center is monitored by staff 24/7.

Backups

  • All servers are backed up in a manner consistent with industry best practices.

Patching

  • Monthly security patches are applied.
  • When a critical patch is released outside the normal patch schedule, a security engineer will analyze the risk and, if deemed essential, the patch will be addressed as a priority.

Vulnerability Scanning

  • Each application is scanned weekly, and a third-party penetration test is run annually.

Up-to-Date Anti-Virus and Anti-Malware Software

  • Up-to-date anti-virus and anti-malware software has been installed on each server and workstation in the Compass network.

Security Event Logging

  • Event logs are captured and consolidated in a SIEM so that activity on the production servers can be monitored and reviewed.

Account Creation

  • Only authorized users with uniquely identifiable accounts are provisioned into each application.
  • Each account has a complex password that expires every 90 days.

Network Account Deletions

  • Accounts are disabled upon associate termination.
  • Inactive accounts (with no activity for 90 days) are disabled.
  • Inactive accounts (created more than 1 month previously with no activity) are disabled.