Security and Data Protection in Digital Compass

Information security is one of Digital Compass’s top priorities. Digital Compass is committed to treating the information of employees, customers, stakeholders and other interested parties with the utmost care and confidentiality. This document describes, at a high level, Digital Compass’s approach to information security and data protection.

How do we help secure our clients’ records and other data?

To ensure the security and privacy of our customers’ data, we provide end-to-end traffic encryption (HTTPS). End-to-end traffic encryption ensures that data in transit is encrypted and protected from eavesdropping. User passwords are stored securely, and the password policy is configured to allow only complex passwords.

Security Standards – Digital Compass is PCI DSS Level 1 certified. Our applications are hosted on Amazon AWS’s state-of-the-art secure cloud infrastructure, which is compliant with the most significant standards and regulations, such as PCI DSS, HIPAA, ISO 27001 and SOC 1/2/3.

Patch Management – Our systems are updated automatically to ensure that all systems have the latest critical security patches applied.

Online payments security

Digital Compass is PCI DSS certified. The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and to facilitate the broad adoption of consistent data security measures globally. Certification confirms that we:

  • Build and maintain a secure network and systems
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

For more information on PCI DSS, please visit pcisecuritystandards.org.

What do we do with our customers’ data?

As part of its operations, Digital Compass needs to obtain and process information. This information includes any offline or online data that makes a person identifiable (PII), such as names, addresses, usernames and passwords, digital footprints, photographs, social security numbers, credit card numbers, financial data, phone numbers, etc.

Our company collects this information transparently and only with the full cooperation and knowledge of the interested parties. Once this information is in our possession, we make sure it is not misused.

Data we protect will be:

  • Accurate and kept up-to-date
  • Collected fairly and for lawful purposes only
  • Processed by the company within its legal and moral boundaries
  • Protected against any unauthorized or illegal access by internal or external parties

Data we protect will not be:

  • Communicated informally
  • Stored for more than a specified amount of time
  • Distributed to any party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities)

Who owns the data?

Digital Compass customers own their data. Customers can download contact lists, reports and other important records at any time in CSV or PDF format.

In addition to the ways we handle the data, Digital Compass has direct obligations towards the people to whom the data belongs. Specifically, we will:

  • Let people know which of their data is collected
  • Inform people about how we’ll process their data
  • Inform people about who has access to their information
  • Have provisions in cases of lost, corrupted or compromised data
  • Allow people to request that we modify, erase, reduce or correct data contained in our databases

Processes and procedures used to ensure security

Digital Compass follows best practices when designing its cloud-based infrastructure and its security processes and procedures.

  • All users are trained and required to follow internal security policies, which include keeping their endpoint devices up to date with security patches and the latest antivirus updates.
  • Our infrastructure is protected by VPN access, firewalls, malware protection tools, etc.
  • Our infrastructure is updated and patched on a regular basis.
  • Our infrastructure is monitored 24/7/365.
  • Our critical servers are backed up periodically.
  • Connecting to the internal environment requires multi-factor authentication.
  • A subset of internal users has access to the database where customer data is stored.
  • Customers can access only their own portion of the data, using the web or mobile interface.
  • The database is stored on an encrypted volume.
  • Customer data is kept in an internal database hosted in our environment.
  • Customer data is kept for a specific period of time or until the customer stops using the Digital Compass service.
  • A procedure for reporting privacy breaches or data misuse has been established.