Security

Compass employs these security commitments consistent with industry best practices to maintain the confidentiality, integrity, and availability of data resources:

IT Security Policies

• The company maintains relevant IT Security policies on our intranet for associate reference. The policies are updated annually.

Data Center

• All production servers are housed in our secure data center. This data center is monitored by staff 24/7.

Backups

• All servers are backed up in a manner consistent with industry best practices.

Patching

• Monthly security patches are applied.
• When a critical patch is released outside the normal patch schedule, a security engineer will analyze the risk and, if deemed essential, the patch will be addressed as a priority.

Vulnerability Scanning

• Each application is scanned weekly and a third party penetration test run annually.

Up-to-Date Anti-Virus and Anti-Malware Software

• Up-to-date anti-virus and anti-malware software has been installed on each server and workstation in the Compass network.

Security Event Logging

• Event logs are captured and consolidated in a SIEM so that activity on the production servers can be monitored and reviewed.

Account Creation

• Only authorized users with uniquely identifiable accounts are provisioned into each application.
• Each account has a complex password that expires every 90 days.

Network Account Deletions

• Accounts are disabled upon associate termination.
• Inactive accounts (with no activity for 90 days) are disabled.
• Inactive accounts (created >1 month previous with no activity) are disabled.