Compose has a commitment to its customers that the data stored on its servers is accessible only to authorized individuals. Security best practices are employed consistently and evolve to meet the needs of its customers, and defend against emerging threats on the Internet at large.
This document describes the controls and procedures applied to the systems supporting the Compose family of paid account products, including the backend, support, and utility infrastructure behind them.
Security is everyone's concern, especially ours. We understand the responsibility we have to keep your data safe and secure. It is a top priority for us and we work continuously to protect our systems from emerging threats. We also know we cannot do it alone: community feedback and input are part of our process for ensuring we are doing the best we can.
We operate a security disclosure program for the responsible disclosure, remediation, and credit of discovered security vulnerabilities regardless of where they might be found within the Compose architecture.
Compose enlists the services of globally-recognized information security firms to assist in third-party security audits, recommendations in best practices, and application security guideline development.
Compose's infrastructure is hosted across multiple datacenters so that data moves between platforms quickly and securely. Our infrastructure partners hold one or more of the following accreditations:
- ISO 27001
- SSAE16 SOC-1 Type II/ISAE 3402 (previously SAS70 Type II)
- SOC 2 - Security
- SOC 3
- PCI Level 1
- FISMA moderate
Compose uses the PCI-compliant payment processor Stripe for encrypting, transmitting, and processing credit card payments.
Only trained, credentialed Compose staff are permitted access to specific infrastructure equipment, and they must log their activity with datacenter security before and after each site visit. Access to Compose datacenter infrastructure is limited to those with a distinct business need, and is revoked when that need no longer exists.
All facilities housing Compose infrastructure are protected against failure by highly available redundant systems, often in an N+2 configuration. These protections include the following systems:
- Fire detection, suppression, and alerting
- Power monitoring and redundancy with automatic failover
- Climate control, monitoring, and alerting
Compose infrastructure resides in datacenters with long histories of competent, comprehensive physical security procedures. Facilities are nondescript, have numerous safeguards against perimeter intrusion, and utilize multi-level biometrics and other physical security safeguards to restrict access to the datacenter itself as well as regions on the datacenter floor.
Datacenters are staffed around the clock with security staff as well as operations staff who monitor, maintain, and react to any physical issue as it arises in real time.
Compose applies best-practice security measures to its internal systems as well as to customer-facing infrastructure. Compose employees are granted access only to those systems and system features necessary for their role, following a least-privilege provisioning model. These access levels are reviewed regularly so that, as roles change, access remains as limited as the role allows.
Security vulnerabilities are mitigated through centrally managed patch repositories and configuration compliance tooling, so that a fix is rolled out uniformly rather than host by host. Routine vulnerability scans and penetration tests are performed to expose any lapses in the preventative network access controls.
Customer data is segregated into discrete, isolated environments that cannot interact with other customers, their data, or their processes. Each isolated environment runs with its own allocated system resources, so a customer exhausting the resources allocated to their environment cannot harm adjacent environments on the same physical platform. We apply these isolation controls on all platforms, shared and dedicated, out of an abundance of caution.
Where a provider offers a private "backend" network, Compose uses it for direct instance-to-instance communication instead of routing that traffic through Internet-facing interfaces. Because this capability varies between providers, automated mechanisms determine whether private network access is available and enable it automatically, with no changes to customer applications required.
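The selection step described above, as an added illustration rather than Compose's own provisioning code: given the addresses present on an instance, prefer a private (RFC 1918 or IPv6 ULA) address for inter-instance traffic and fall back to the public one only when no backend network exists. The interface lists are constructed sample data, and the assumption that a backend network is recognisable by its private address is the example's own, not a statement about any particular provider.

```python
"""Pick a bind address for instance-to-instance traffic.

Added example, not Compose's own code. Interface data is constructed, and the
rule "a private address means the provider backend network is present" is an
assumption made for illustration.
"""
import ipaddress


def is_backend_address(addr: str) -> bool:
    """True for an address on a provider backend (private) network.

    ipaddress.is_private also matches loopback and link-local ranges, which are
    not routable between instances, so those are excluded explicitly.
    """
    ip = ipaddress.ip_address(addr)
    return ip.is_private and not (
        ip.is_loopback or ip.is_link_local or ip.is_unspecified
    )


def select_bind_address(interfaces: dict[str, list[str]]) -> tuple[str, str]:
    """Return ("backend", addr) if any interface carries a private address,
    otherwise ("public", addr) for the first globally routable address.

    `interfaces` maps interface name to the addresses configured on it,
    e.g. {"eth0": ["104.16.0.10"], "eth1": ["10.42.0.7"]}.
    """
    # First pass: a backend network wins whenever it exists.
    for addrs in interfaces.values():
        for addr in addrs:
            if is_backend_address(addr):
                return "backend", addr
    # Second pass: no backend network, so use a public address.
    for addrs in interfaces.values():
        for addr in addrs:
            if ipaddress.ip_address(addr).is_global:
                return "public", addr
    raise ValueError("no usable address found on any interface")


if __name__ == "__main__":
    # Constructed sample: a provider that exposes a backend network on eth1.
    print(select_bind_address({"lo": ["127.0.0.1"],
                               "eth0": ["104.16.0.10"],
                               "eth1": ["10.42.0.7"]}))
    # Constructed sample: no backend network, only a link-local and a public address.
    print(select_bind_address({"eth0": ["169.254.10.1", "45.33.32.156"]}))
```

Note that Python's `is_private` is broader than RFC 1918 (it also covers documentation and benchmark ranges), which is why the check is a probe of what the provider actually configured on the instance rather than a hard-coded list of prefixes.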
Customer traffic is never carried over a network segment that has visibility into another customer's data. We use network Access Control Lists together with 802.1q VLAN segmentation to keep each customer environment isolated from every other.
Compose does not access customer data or customer environments as part of day-to-day operations. When a customer requests support, authorized Compose employees are able to view that customer's data, and will do so only when specifically requested or when required for the task at hand, such as recommending query or index improvements. All Compose employees are trained to treat customer data privacy and confidentiality as paramount, and under no circumstances is customer data disclosed to a third party. Only a limited subset of Compose employees can view customer environments in a way that exposes stored data, and that access is routinely evaluated so the right is retained only where the job function requires it.
All system access is logged so that any unauthorized access can be traced and individual user actions audited.
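What that logging buys you in practice, as an added example that is not Compose's own tooling: once every successful login is recorded and an authorization roster exists for each host, finding an unauthorized login is a join between the two rather than a forensic reconstruction. The log lines below are constructed in the style of OpenSSH's "Accepted ..." records, and the host name, user names and roster are assumptions made for the illustration.

```python
"""Audit successful logins against a per-host authorization roster.

Added example, not Compose's own code. SAMPLE_LOG is constructed in the
format OpenSSH uses for authentication events; AUTHORIZED is an assumed
roster of who currently holds a business need for the host.
"""
import re

# Constructed sample log lines (not from any real system).
SAMPLE_LOG = """\
Mar  3 10:12:01 db-prod-07 sshd[2214]: Accepted publickey for alice from 10.42.0.9 port 51022 ssh2: ED25519 SHA256:aaaa
Mar  3 10:14:37 db-prod-07 sshd[2290]: Accepted publickey for bob from 10.42.0.12 port 51100 ssh2: ED25519 SHA256:bbbb
Mar  3 10:20:05 db-prod-07 sshd[2351]: Failed password for root from 10.42.0.77 port 40022 ssh2
Mar  3 10:21:49 db-prod-07 sshd[2402]: Accepted publickey for carol from 10.42.0.13 port 51310 ssh2: ED25519 SHA256:cccc
"""

# Assumed authorization record: host -> users with a current business need.
AUTHORIZED = {"db-prod-07": {"alice", "bob"}}

# Matches only successful logins; failed attempts are a different question
# (who tried) from the one asked here (who actually got in).
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_logins(text: str) -> list[dict[str, str]]:
    """Return one dict per successful login: ts, host, method, user, src."""
    events = []
    for line in text.splitlines():
        m = ACCEPTED.match(line)
        if m:
            events.append(m.groupdict())
    return events


def unauthorized_logins(text: str, authorized: dict[str, set[str]]) -> list[dict[str, str]]:
    """Successful logins by users not on the host's roster.

    A host missing from the roster has an empty allowed set, so every login
    to it is flagged rather than silently accepted.
    """
    return [
        e for e in parse_logins(text)
        if e["user"] not in authorized.get(e["host"], set())
    ]


if __name__ == "__main__":
    for e in unauthorized_logins(SAMPLE_LOG, AUTHORIZED):
        print(f'{e["ts"]} {e["host"]}: {e["user"]} from {e["src"]} is not authorized')
```

Running it against the constructed sample flags carol's login, since she is not on the roster for db-prod-07; the failed root attempt is not counted because it never became access.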
Terminated account data is securely erased from production systems at the time of account, database, or deployment removal. Backup data for terminated accounts remains in archive for a short period to allow for recovery from accidental deletion. Immediate purging of backup data is available upon request.
Compose hardware that reaches End-of-Life status is securely destroyed by our datacenter partners following NIST and DoD published media sanitization standards. Certificates of complete physical destruction, including photos, are kept on file. Media such as hard drives and solid state storage are degaussed using machines designed for computer equipment, followed by total physical destruction in a multi-ton, purpose-built punch press. Degaussing only affects magnetic media, so for solid state storage it is the physical destruction step that renders the data unrecoverable.