CompTIA
Trust Center
Security Center

Overview

CompTIA is the world’s leading technology trade association and IT certification body. Our credibility depends on keeping your information protected and secure. We value transparency and provide on-demand access to live external vulnerabilities and remediation at CompTIA’s Security Scorecard. Current systems availability is always up-to-date at CompTIA Systems Status.

CompTIA applies the NIST Cybersecurity Framework (CSF) to guide our risk and security posture. Our audits align with the CSF, which includes how our key vendors and business partners protect your data. CompTIA’s Board of Directors provides top-down governance and guidance for technology risk.

Many of our industry-leading IT certifications are accredited under ISO/IEC 17024, the globally recognized industry benchmark for personnel certifications. CompTIA follows the standard’s specific policies and procedures, which ensure stringent privacy and security controls for candidates and alumni.

CompTIA also operates the CompTIA ISAO, an industry threat-sharing organization. It provides detailed threat guidance from on-staff information security professionals who work directly with our internal technology teams.

Privacy

CompTIA is committed to securing and maintaining the confidentiality and integrity of all collected data.

Staff take annual privacy training on best practices and select regulations. Tailored training is provided to employees handling sensitive information, guided by our data classification scheme. Comprehensive information on our privacy protections is available at our Privacy Center.

For individuals who would like to exercise their data removal rights, please visit our Data Subject Request Form.

Our privacy team is available to address privacy matters and can be contacted at [email protected].

Governance

CompTIA follows best practices for information security program oversight and management.

Leadership - CompTIA maps to cyber governance guidelines with Information Security reporting directly to CompTIA’s CEO. The Chief Information Security Officer also works closely with CompTIA’s Board of Directors’ Risk Committee.

  • Aligns with US Computer Emergency Readiness Team (US-CERT)
  • Aligns with the National Institute of Standards and Technology (NIST)

Policy Development and Management - CompTIA maintains a robust set of technology policies and procedures, reviewed at least annually, for all staff to guide the proper use of systems and data. Technical staff have access to additional policies for information security, infrastructure, and privacy guidance.

Resilience & Continuity

CompTIA maintains tactical plans and procedures that are regularly stress tested and reviewed.

To ensure the availability of our services, CompTIA maintains and tests our Business Continuity, Disaster Recovery, Incident Response, Backup, and other tactical plans and procedures at least annually.

CompTIA’s Information Security Team ensures these plans are effective and realistic through internal and external audits, internal and external vulnerability scans, real-time reporting tools, and staff feedback.

Information Security Infrastructure

CompTIA uses layers of modern security technology to keep your data secure.

We maintain a 24x7x365 Security Operations Center and a 24x7x365 Network Operations Center for critical system monitoring and triage.

We scan all new systems before rollout with multiple tools and processes, and we monitor our critical systems in real time. Annual third-party information security assessments, penetration tests, and audits add further assurance for CompTIA’s product and service delivery.

  • Vulnerability Disclosure Program through HackerOne (Invitation Only)
  • MDR, XDR & SIEM solutions to monitor and protect user endpoints and cloud and on-premises environments
  • Next-gen Firewall and IPS systems
  • Ongoing Logging for all critical systems
  • Automated supply chain monitoring
  • Automated Failover and Geo Distribution
  • Ongoing Security Vulnerability Scans
  • Automated Patching and Vulnerability Management
  • Routine PCI Scans
Product Security

CompTIA’s development process designs products for secure and reliable use.

CompTIA’s products, including membership programs, training, and certification exams, are dynamic and frequently expand in scope. Security efforts are constant and consistent across each set of products, keeping our products available and ready for you to use.

  • Single Sign-On (SSO) for exam delivery and training products
  • Multi-Factor Authentication in place for all internal development and product management efforts
  • Mature Continuous Integration / Continuous Delivery (CI/CD) Pipeline Management
  • Major Cloud Provider with high availability and advanced security support
  • Customer Data Encrypted At Rest and In Transit
  • Robust and regularly tested backup strategy for data and systems
  • Cyber insurance policy reviewed and renewed annually
  • Exam Security Monitoring
Staff Training & Access

CompTIA’s staff uses industry-leading tools to train and protect your data year-round.

Education - All CompTIA staff receive ongoing enterprise-class cybersecurity training, including an annual review of CompTIA’s cybersecurity policy. Staff also participate in live simulations and tabletop exercises to practice incident response, which highlight areas for continuous improvement. Staff with elevated access undergo customized training dependent on job roles and organizational needs. Specific staff roles are required to obtain and maintain appropriate CompTIA and industry security certifications.

Access Control - Multi-factor authentication is in place for all CompTIA staff and systems, using industry best practices for least-privileged system access.

  • Complex Password Policy Enforced across all accounts
  • Internal SSO and accompanying MFA across the enterprise
  • Role-Based Access Control
  • Physical access controls in all CompTIA locations
  • Zero trust access
  • Data Loss Prevention tools and techniques to protect customer data
Supply Chain Oversight

CompTIA deploys best-in-class third-party tools and services to serve its members and customers.

We partner with industry-leading vendors to provide our staff, members, and customers with tools, services, and systems. All systems and vendors are cataloged and reviewed frequently, and a cross-functional technology and business team rigorously vets new technology additions.

For third-party systems containing sensitive data, we engage directly with their information security teams. We monitor select vendors’ security posture through automated, point-in-time scans and often collaborate on bug bounty programs.

Your data

For CompTIA’s trusted member, partner, and customer communities, we welcome the opportunity to discuss the security of your customer and end-user data. Please contact your business development manager to schedule a discussion with CompTIA’s Information Security team.