Security Policy

Physical Security

Business office location: 1020 Market St., Redding, CA 96001.

Datacenter location: 1215 Integrity Drive, Richardson, TX.

Network Access

    1. Remote login
      1. VPN access from the public Internet is restricted to a subset of Compass employees only. Approval for VPN access is granted by the Network Manager upon request by the Datacenter Manager. VPN accounts are individual; there is no shared account. Individual logins are recorded on the VPN server.
      2. RDP access from the public Internet is restricted to a subset of Compass employees only. Compass employees are granted RDP access by the Network Manager upon request by the employee’s supervisor for access to specific servers. The employee’s RDP connection to a given server is controlled by Active Directory; employees are not granted global RDP access to all servers. RDP accounts are individual; there is no shared account. Individual logins are recorded in the Windows event log on the RDP server.
    2. Silo architecture.
      1. Firewalls protect application servers both from public Internet access and from the private office subnet. A group of related servers thus has two firewalls, an internal firewall and an external firewall. Developers working from the private office subnet are unable to access any servers except those appropriate to their job function.
      2. Internal firewalls additionally filter by source/destination address and protocol. Internal workstations with silo access must have static, assigned IP addresses. Addresses in the DHCP range are blocked at the firewall. Policy-based routing is employed. An internal source IP must match a set of rules governing which protocols are allowed to which destination addresses for that source; rule sets can be finely tuned to restrict a developer to only certain actions on certain servers. Once matched, the source IP is NATed to a dynamic address in the target silo’s private subnet range and a dynamic route is generated to the destination. The route expires on termination of that socket connection. PAT also occurs for certain protocols where services within the silo use nonstandard port addressing as an additional foil to attackers. The NAT/PAT translations and dynamic routing are transparent to the user.
      3. All firewalls, internal or external, are configured with explicit deny-any ACLs. Only those ports specifically required by the applications are permitted.
      4. Firewalls are bidirectional, limiting access not only to the servers within a silo, but also limiting server access outside the silo.
      5. Firewalls are configured with antispoofing provisions, blocking addresses that should not be on the Internet, addresses that spoof our internal subnets, addresses that spoof our WAN port addresses, and any of our private subnets that have no business reason to connect to another of our private subnets.
      6. Software firewalls are required on servers and workstations.
    3. Addressing
      1. Application servers have only private, non-publicly routable IP addresses.
      2. Publicly published application DNS addresses are redirected by the edge router to a silo router on an unrelated subnet. At the silo router, the public address is NAT translated to a private, non-publicly routable address.
      3. Each silo uses private subnets unique to it.
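
The internal-firewall rules in the silo architecture items above (static source addresses, DHCP range blocked, per-source rules, explicit deny any, antispoofing) can be modelled and audited as in the sketch below. This is an added example, not Compass's configuration: every subnet, address, port and function name is constructed for illustration, and NAT/PAT and dynamic routing are not modelled.

```python
import ipaddress as ip

# Constructed values: the policy does not publish its subnets or rule sets.
DHCP_RANGE = ip.ip_network("10.10.0.128/25")   # office dynamic pool
SPOOF_NETS = [ip.ip_network(n) for n in        # must not arrive from the Internet
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Ordered internal-firewall ACL: (action, source, destination, protocol, port)
ACL = [
    ("permit", "10.10.0.21/32", "10.20.0.5/32", "tcp", 1433),
    ("permit", "10.10.0.22/32", "10.20.0.6/32", "tcp", 443),
    ("deny",   "0.0.0.0/0",     "0.0.0.0/0",    "any", None),  # explicit deny any
]

def evaluate(acl, src, dst, proto, port):
    """First-match evaluation from the private office subnet into a silo."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    if s in DHCP_RANGE:                       # DHCP addresses are blocked outright
        return "deny"
    for action, r_src, r_dst, r_proto, r_port in acl:
        if (s in ip.ip_network(r_src) and d in ip.ip_network(r_dst)
                and r_proto in ("any", proto) and r_port in (None, port)):
            return action
    return "deny"                             # fail closed if the ACL is malformed

def external_source_ok(src):
    """Antispoofing on the external firewall: reject private/loopback sources."""
    return not any(ip.ip_address(src) in net for net in SPOOF_NETS)

def audit(acl):
    """Return policy violations in an ACL; an empty list means compliant."""
    problems = []
    if not acl or acl[-1] != ("deny", "0.0.0.0/0", "0.0.0.0/0", "any", None):
        problems.append("missing explicit deny any as final rule")
    for i, (action, r_src, _dst, proto, port) in enumerate(acl):
        if action != "permit":
            continue
        net = ip.ip_network(r_src)
        if net.prefixlen != 32:
            problems.append(f"rule {i}: source is not a single static address")
        if net.overlaps(DHCP_RANGE):
            problems.append(f"rule {i}: source overlaps DHCP range")
        if proto == "any" or port is None:
            problems.append(f"rule {i}: permit is not limited to a required port")
    return problems
```

Running `audit` against an exported rule set before each change gives a quick check that the deny-any, static-source and required-ports-only requirements still hold.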

QSP Application Access

    1. Access to the QSP application software is controlled by the QuickSolvePlus application server program running on the app server farm appliances. All users are required to have individual logins. Administration of user logins is performed remotely by the customer’s designated administrators. The QSP application has the ability to perform user validation itself. The QSP application has the further ability to fine-tune the user’s access within the application once they have successfully logged in. Details of both the initial login process and the separate setting of user privileges are described in a separate document.
    2. The customer is responsible for granting application access, configuring login accounts, setting access privileges, and for removing/changing access when an employee is terminated or when their job changes.
    3. Access accounts to the QSP application are entirely separate from access accounts to the equipment on which the application runs. Access accounts to the software and to the hardware are maintained on separate systems, and possession of either type of account, by design, cannot confer access to or privileges on the other.
    4. During the operation of the QuickSolvePlus system, users see the data in screens and reports via a web browser. All screens are sent over an SSL connection.

Source Code Access

    1. Source code access is controlled by Guy Clark and is described in separate documents.
    2. Access to the source code server is granted upon request from Guy Clark.

External Data Transmissions

    1. Databases and attachments are replicated in near real time to an offsite DRO location.
    2. Only inbound VPN is allowed. Outbound VPN connections are blocked.

Antivirus

    1. Servers and workstations are required to run antivirus software with current definitions. Workstations with Internet access are further required to run antispam, link-scanner, and anti-portscan software. Trend Micro Deep Security is the standard software employed for servers and workstations.
    2. Servers and workstations are configured for connection to a central monitor, which enforces silo-specific update and scanning schedules, as well as any required configuration elements. The central monitor is also used to monitor scan results, software and definition versions, and other details specific to the antivirus software.
    3. Servers receive updates from designated internal update distribution servers. The antivirus system architecture is described in a separate document.

Data Retention

    1. Customer Data is retained indefinitely for all customer accounts, whether active or inactive. If a customer account becomes inactive (due to cancellation of services or default on subscription payment), express written consent may be given by the authorized account representative for said customer to export and/or delete all data.