The Scout Association treats the safety and security of its member data as a main priority. For these reasons The Scout Association has spent considerable time and funds designing and testing Compass to ensure that data is held securely in accordance with the Data Protection Act, General Data Protection Regulations (GDPR) and industry standards. The two external companies contracted to host Compass both comply with international data security standards and, where applicable, are certified by the BSI (British Standards Institute) and have all achieved International Organization for Standardisation (ISO) certification status. The Scout Association has also employed highly regarded contractors to ensure compliance with data protection legislation, and also ensures that the system undergoes regular security testing.
The system has been designed to restrict access at different levels of the database to those that have authorisation to use it. The hierarchy of Scouting is reflected in the authorisation matrix and we have an inbuilt audit trail for all transactions so that users and their use can be identified. Every adult with a leadership role, and hence with access authorisation rights within Compass, would have gone through a stringent appointment process and will be subject to the Policy, Organisation and Rules (POR) of the organisation which lay down strict guidelines in respect of use of their use of system and their duty to ensure compliance with data protection.