30 January 2015

The February issue of Scouting magazine will be arriving with members around now and we want to acknowledge that the Housekeeping section on Compass went to print and distribution before the decision to take Compass offline on 28 January. Our apologies the information in the magazine is therefore not reflective of the situation right now with Compass and for any confusion this may cause.

Update from Alexis Cheshire

Firstly I would like to echo Matt and Wayne and apologise to all our members and volunteers regarding the current situation. You all work extremely hard to deliver scouting and the current situation with Compass has put an increased pressure on you all. It is unacceptable.
Through these updates, I hope to provide you with some reassurance that I honestly do understand your valid frustrations and I deeply care about providing you all with the tools and support you need to deliver the life-changing experiences for our members.

It is my responsibility to deliver this for you and this is my number one priority.
A number of things have gone seriously wrong, and I need to be honest with you. At the current moment we are investigating a potential security issue around the access rights for existing members registered with Compass. As a result I made the decision, that to protect the data we hold, we should switch off Compass. This decision was not taken lightly, but I believe that the protection of this data as our highest priority. Any risk to its integrity should be treated with the utmost importance.

We have no evidence that a breach of our systems has taken place but please be reassured we are investigating this thoroughly using independent, professional and accredited expert to assess the potential risk, scope and scale of this issue. We contacted the Information Commissioner ourselves and are keeping them updated with the progress of our investigations.

At this stage I am unable to provide an exact timescale today as to when Compass will be back online. Honesty is the best policy in situations like this and what I do know is that I will have a clearer picture on this issue next week and will provide you all with an update then.
Whilst we work closely with our suppliers on the Compass to investigate the issues we flagged on Wednesday, we are also dedicating our time in a number of important areas. These are as follows:

1) Ensuring we can provide members in England and Wales with a way to complete disclosure checks whilst Compass is offline. A system to allow this is being tested and we will update roles who process this task directly next week.

2) Providing a way in which the census can still take place with the member and youth data that has been collated and prepared locally. The youth data upload process is a secure system that can work independently from Compass. Work is being done now to get this back online as soon as possible. Please do continue to prepare your youth data spreadsheets ready to upload as we continue to work towards 15 February deadline. More information will be shared next week with those roles heavily involved in this upload process once we have a clear solution for this.

3) Take the time to review all bugs, issues and areas of confusion you as members have reported to us since the launch of Compass and be able to share the areas being worked on, or will be scheduled for work so there is more clarity over the known issues and the priority the fix to that issue is being given.

4) We will also be taking the time in the offline period to reflect and radically rethink how we reintroduce Compass when it is ready to ensure lessons learned from the first few months are taken on board and to act on what you have fed back to us about Compass as a system and also its implementation.

I am sorry that I cannot give more firm timelines at this stage but it is important we are honest with you about this and not set a false hope or expectation. Please be assured that all feedback is being listened to and collated in order to make Compass the system you deserve. We will share this list on www.scouts.org.uk/compass soon so you can openly see the areas required for improvement.

For all members wanting to keep track of progress on Compass and next steps please do keep watch on the Latest Updates page on www.scouts.org.uk/compass where I will personally be logging all progress and updates.

28 January 2015

As part of our investigations into an issue raised by one of our members, we have identified a potential security vulnerability in Compass. To our knowledge no breach has occurred but in line with our commitment to you that the confidentiality and security of our data is our number one priority, and in agreement with our development contractors, we have made the decision to turn Compass off with immediate effect.  This is to ensure that the potential vulnerability cannot be exploited.

You will remember that Compass is only accessible to registered members of the Movement.  We would like to thank our members for their vigilance and support in identifying this issue and welcome any input that helps improve the overall quality and integrity of Compass.

With the agreement of our contractors, we have engaged a global provider of information security that has the world’s largest security testing team at our disposal . This company has not been involved in the system security work up until now and will be performing a full audit of Compass at the source-code level, combined with in-depth penetration testing.  It is expected that this will validate the security audit work already undertaken, whilst providing a valuable second opinion.

The system will remain offline until any and all security issues are resolved satisfactorily and we can turn on the system with the knowledge that the data held on it is secure. It is not clear at this stage just how long this will take but we will keep you updated regularly via the user forum on www.scouts.org.uk/compass and through the usual channels.

Leaders should continue to populate their youth data upload spreadsheets as before, ready to upload when advised. Work is being undertaken on the contingencies to enable us to complete census using the youth data upload facility, which remains secure and cannot be seen.  We are also working to ensure that new volunteers and disclosure checks (for those in England and Wales) can continue to be processed.

Compass – Restricted Functionality

Compass – Restricted Functionality

Compass is online but we have restricted some functionality whilst we investigate reports of a critical bug. This affects BOTH Adult & Youth Joining Processes but does NOT affect the Bulk Youth Upload process.  This also includes the ‘Add Parent’ functionality when editing a Young Persons record.