CompTIA is the world’s leading technology trade association and IT certification body. Our credibility depends on keeping your information protected and secure. We value transparency and provide on-demand access to live external vulnerabilities and remediation at CompTIA’s Security Scorecard. Current systems availability is always up-to-date at CompTIA Systems Status.
CompTIA applies the NIST Cybersecurity Framework (CSF) to guide our risk and security posture. Our audits are aligned with the CSF and extend to how our key vendors and business partners protect your data. CompTIA’s Board of Directors provides top-down governance and guidance for technology risk.
Many of our industry-leading IT certifications are accredited under ISO/IEC 17024, the globally recognized standard for bodies that certify persons. CompTIA follows the standard’s policies and procedures, which require stringent privacy and security controls for candidates and alumni.
CompTIA also operates the CompTIA ISAO, an industry threat-sharing organization. Its on-staff information security professionals provide detailed threat guidance and work directly with our internal technology teams.
Staff take annual privacy training on best practices and select regulations. Tailored training is provided to employees handling sensitive information, guided by our data classification scheme. Comprehensive information on our privacy protections is available at our Privacy Center.
For individuals who would like to exercise their data removal rights, please visit our Data Subject Request Form.
Our privacy team is available to address privacy matters and can be contacted at [email protected].
Leadership - CompTIA follows cyber governance guidelines, with Information Security reporting directly to CompTIA’s CEO. The Chief Information Security Officer also works closely with the Risk Committee of CompTIA’s Board of Directors.
Policy Development and Management - CompTIA maintains a robust set of technology policies and procedures, reviewed at least annually, for all staff to guide the proper use of systems and data. Technical staff have access to additional policies for information security, infrastructure, and privacy guidance.
To ensure the availability of our services, CompTIA maintains and tests our Business Continuity, Disaster Recovery, Incident Response, Backup, and other tactical plans and procedures at least annually.
CompTIA’s Information Security Team ensures these policies are effective and realistic through internal and external audits, internal and external vulnerability scans, real time reporting tools, and staff feedback to the Information Security Team.
We maintain a 24x7x365 Security Operations Center and a 24x7x365 Network Operations Center for critical system monitoring and triage.
We scan all new systems with multiple tools and processes before rollout, and we monitor our critical systems in real time. Annual third-party information security assessments, penetration tests, and audits add further assurance for CompTIA’s product and service delivery.
CompTIA’s products, including membership programs, training, and certification exams, are dynamic and frequently expand in scope. Security efforts are constant and consistent across each set of products, keeping our products available and ready for you to use.
Education - All CompTIA staff receive ongoing enterprise-class cybersecurity training, including annually reviewing CompTIA’s cybersecurity policy. Staff also participate in live simulations and tabletop exercises to practice incident response, ultimately highlighting continuous areas for improvement. Staff with elevated access undergo customized training dependent on job roles and organizational needs. Specific staff roles are required to obtain and maintain appropriate CompTIA and industry security certifications.
Access Control - Multi-factor authentication is required for all CompTIA staff and systems, and system access is granted according to the principle of least privilege, following industry best practices.
We partner with industry-leading vendors to provide our staff, members, and customers with tools, services, and systems. All systems and vendors are cataloged and reviewed frequently, and a cross-functional technology and business team rigorously vets new technology additions.
For third-party systems containing sensitive data, we engage directly with the vendor’s information security team. We monitor select vendors’ security posture through automated, point-in-time scans and often collaborate on bug bounty programs.
For CompTIA’s trusted member, partner, and customer communities, we welcome the opportunity to discuss the security of your customer and end-user data. Please contact your business development manager to schedule a discussion with CompTIA’s Information Security team.