Compass employs these security commitments consistent with industry best practices to maintain the confidentiality, integrity, and availability of data resources:
IT Security Policies
- The company maintains relevant IT Security policies on our intranet for associate reference. The policies are updated annually.
- All production servers are housed in our secure data center. This data center is monitored by staff 24/7.
- All servers are backed up in a manner consistent with industry best practices.
- Monthly security patches are applied.
- When a critical patch is released outside the normal patch schedule, a security engineer will analyze the risk and, if deemed essential, the patch will be addressed as a priority.
- Each application is scanned weekly, and a third-party penetration test is run annually.
Up-to-Date Anti-Virus and Anti-Malware Software
- Up-to-date anti-virus and anti-malware software has been installed on each server and workstation in the Compass network.
Security Event Logging
- Event logs are captured and consolidated in a SIEM so that activity on the production servers can be monitored and reviewed.
- Only authorized users with uniquely identifiable accounts are provisioned into each application.
- Each account has a complex password that expires every 90 days.
Network Account Deletions
- Accounts are disabled upon associate termination.
- Inactive accounts (with no activity for 90 days) are disabled.
- Inactive accounts (created more than 1 month previously, with no activity) are disabled.