Compass employs these security commitments consistent with industry best practices to maintain the confidentiality, integrity, and availability of data resources:
IT Security Policies
- The company maintains relevant IT Security policies on our intranet for associate reference. The policies are updated annually.
- All production servers are housed in our secure data center. This data center is monitored by staff 24/7.
- All servers are backed up in a manner consistent with industry best practices.
- Monthly security patches are applied.
- When a critical patch is released outside the normal patch schedule, a security engineer will analyze the risk and, if deemed essential, the patch will be addressed as a priority.
- Each application is scanned weekly and a third party penetration test run annually.
Up-to-Date Anti-Virus and Anti-Malware Software
- Up-to-date anti-virus and anti-malware software has been installed on each server and workstation in the Compass network.
Security Event Logging
- Event logs are captured and consolidated in a SIEM so that activity on the production servers can be monitored and reviewed.
- Only authorized users with uniquely identifiable accounts are provisioned into each application.
- Each account has a complex password that expires every 90 days.
Network Account Deletions
- Accounts are disabled upon associate termination.
- Inactive accounts (with no activity for 90 days) are disabled.
- Inactive accounts (created >1 month previous with no activity) are disabled.
Let’s Talk About the Right Solution for Your Organization
Get in touch to discuss how Crothall Healthcare’s services and solutions can help your healthcare organization exceed its goals. You’ll learn more about:
- The transparency we bring to outsourced support services
- How we design customized solutions for your unique needs
- The technology and innovation Crothall delivers across all our services