CompTIA is the world’s leading technology trade association and IT certification body. Our credibility depends on keeping your information protected and secure. We value transparency, providing on-demand access to live external vulnerabilities and remediation at CompTIA’s Security Scorecard.
CompTIA applies the NICE framework to guide our risk and security posture. Our audits are aligned to NIST standards, with key vendors layering additional controls and defenses. CompTIA’s Board of Directors provides direct top-down governance and guidance.
Many of our industry-leading IT certifications are accredited under ISO/IEC 17024, a global industry-recognized benchmark for personnel certifications that demands high privacy and security controls.
CompTIA also operates an industry threat sharing organization, the CompTIA ISAO, which shares threat information and advice from seasoned security professionals directly with our internal technology teams.
Comprehensive information on our privacy protections is available at our Privacy Center.
Our privacy team can be contacted at any time at [email protected]
Resilience - To ensure availability of our services, CompTIA maintains and tests our Business Continuity, Disaster Recovery, Incident Response, and other tactical plans and procedures no less than annually.
CompTIA’s Information Security Team ensures these policies are effective and realistic for our business operations through internal and external audits, internal and external vulnerability scans, reporting tools and feedback to the Chief Information Security Officer.
Governance - In line with leading cyber governance guidance, Information Security reports directly to CompTIA’s CEO, with the Chief Information Security Officer also collaborating routinely with our Directors on the Audit and Investment Committee.
We maintain a 24x7x365 Security Operations Center (SOC) as well as a 24x7x365 Network Operations Center for critical systems.
We scan all new systems prior to rollout with multiple tactics, with ongoing monitoring for critical and PCI systems. Both structured and unstructured penetration testing occur throughout the year.
All CompTIA staff receive ongoing enterprise-class cybersecurity awareness, and work together to protect our customers and association. Multifactor authentication is in place for all CompTIA staff and systems, with industry best practices in place for system access.
We frequently partner with industry-leading vendors to provide tools and systems. For key systems with customer data, we engage directly with their security teams and monitor their security posture through various automated and point-in-time scans.
For CompTIA’s trusted partner and customer community, we welcome the opportunity to discuss the security of your candidate and customer data at any point. Please contact your business development manager to arrange a discussion with CompTIA’s security team.