Compass and Information Security

We take information security very seriously at Compass, and the platform is designed to have the highest level of data protection and related safeguards. We are fully compliant with the requirements of GDPR, and adhere to the principles of privacy by design and by default. This document sets out a bit more about what we’re doing.


Compass has achieved Level One compliance with the Payment Card Industry Data Security Standard (PCI DSS) – a key indicator of our commitment to ensuring the data of those who use Compass is kept secure.

Our team works every day to maximise the security and protection of our customers’ data. PCI DSS is a key part of our broader information security strategy, so we’re extremely proud to have achieved full Level One compliance.

The assessment process involved a rigorous five-month review of the company’s information security posture, and included not only interrogation of our governance approach but also penetration testing of our payment platform software by an independent security firm.

Parent and teacher communication plays a significant role in a child’s learning experience. The Compass app enables parents to engage closely with school to see how their child is performing and feeling, book their next teacher conference, pay fees easily, and get ready for the next excursion. The Compass app gives busy parents access to everything they need to know.

Technical Specifications

Network

Compass’ network includes intrusion detection, firewalls and active monitoring systems. The security sub-layer is capable of detecting anomalies within the system to proactively prevent malicious activities and alert our security staff. Compass regularly conducts penetration testing and threat modeling to ensure our network is properly secure and up to date.

Hosting

All data is hosted in a secure managed data centre within the EU.

Encryption

We use Transport Layer Security (TLS 1.2) for encrypted data transfer over the internet, and all data is encrypted at rest.

Physical security

Where we have our own physical offices, they have secure access control, CCTV and 24-hour security.

Backups

All data is encrypted in transit and at rest (TLS 1.2 / AES 128-bit). Customer data is backed up on an hourly basis (in some circumstances at a higher frequency). Backups are encrypted and stored offsite on an immutable medium.

System Access

Passwords

All system users access Compass using a secure password, with role-based permissions to ensure users only have access to the areas of the system they need.

Sessions

Staff are logged out from browser sessions after a period of inactivity of 3 days or more.

Support

Our engineers and support team only access the personally identifiable information of a school with the explicit permission of the school.

Two-Factor Authentication

All schools have the option to secure their portal with two-factor authentication.

Compliance

Subject Access requests

We make it easy for you to generate the information needed to comply with subject access requests.

ICO

Compass are registered with the Information Commissioner’s Office. You can see our registration here.

PCI

Compass has achieved the PCI DSS Level 1 data security standard for payments.
