Features | DeCompass

Comprehensive Assessment Tools

Tailored assessment modules for each standard, allowing organizations to evaluate their compliance status efficiently

Automated Risk Management

Integrated risk management functionalities to identify, assess, and mitigate risks associated with compliance requirements

Real-time Monitoring

Continuous monitoring capabilities to track the effectiveness of controls and promptly address any compliance gaps or deviations

Audit Support

Assistance with conducting second and third-party audits, including audit preparation, documentation management, and remediation tracking

Data Privacy and Protection Assessments

Specialized modules for assessing compliance with data privacy regulations such as GDPR, CCPA, NDPA, PIMS and other relevant frameworks

Documentation Management

Centralized repository for storing and managing compliance-related documents, policies, procedures, and evidence of compliance

Customizable Reporting

Customizable reporting capabilities to generate compliance reports tailored to the needs of various stakeholders, including executives, auditors, and regulatory bodies

Consulting and Advisory Services

Optional consulting and advisory services to provide expert guidance on compliance strategies, implementation, and remediation efforts

Alerts and Notifications

Automated alerts and notifications to keep stakeholders informed about compliance deadlines, upcoming audits, and important regulatory updates.

Frameworks/Services Overview

PCI-DSS (Payment Card Industry Data Security Standard):
PCI-DSS is a set of security standards designed to ensure that companies that accept, process, store, or transmit credit card information maintain a secure environment. Compliance with PCI-DSS is essential for safeguarding cardholder data and preventing fraud
ISO Standards (ISO 27001, ISO 22301, etc.):
ISO standards provide internationally recognized frameworks for information security management (ISO 27001) and business continuity management (ISO 22301). Compliance with ISO standards demonstrates an organization’s commitment to implementing robust security measures and maintaining continuity in the face of disruptions.
NDPA (Nigerian Data Protection Act):
ISO standards provide internationally recognized frameworks for information security management (ISO 27001) and business continuity management (ISO 22301). Compliance with ISO standards demonstrates an organization’s commitment to implementing robust security measures and maintaining continuity in the face of disruptions.
Cyber Intelligence Center:
A Cyber Intelligence Center is a dedicated facility or team responsible for gathering, analyzing, and disseminating intelligence related to cybersecurity threats and vulnerabilities. It serves as a centralized hub for monitoring, detecting, and responding to cyber threats in real-time.

Each framework or service offered by “The Compass” has a dedicated page providing in-depth explanations, benefits, report templates, and case studies (if available). These pages serve as comprehensive resources for organizations seeking to understand the requirements and benefits of compliance with specific frameworks or services.

Integration Options

Our services are designed to be flexible and adaptable to the unique needs of each organization. Integration options are available to combine multiple services for comprehensive cybersecurity solutions. Whether you need to integrate PCI-DSS compliance with ISO standards or incorporate cyber threat intelligence into your existing security infrastructure, “The Compass” offers seamless integration options to enhance your cybersecurity posture. Contact us to discuss how we can tailor our services to meet your specific requirements and objectives.

Get In Touch

info@decompass.com

PRIVACY POLICY

This privacy policy describes The Compass policies and procedures on the collection, use, as well as disclosure of your information when you subscribe to our services, it tells you how the law protects you and your privacy rights.

Personal Data Collected

We may ask you to provide Us with certain personally identifiable information that can be used to contact or identify you. Personally, identifiable information may include, but is not limited to:
• Email address
• Phone number
• Address
• Name
• Date of Birth

Use of your Personal Data
The company may use personal data for the following purposes:
• To provide and maintain our service.
• For the performance of a contract
• To contact you
• To provide you with news, special offers, and general information
• To manage your requests

Tracking Technologies and cookies
We use cookies to help you navigate efficiently and perform certain functions. Tracking technologies used are to improve our service. These cookies will only be stored in your browser with your prior consent. You can choose to enable or disable some or all of these cookies but disabling some of them may affect your browsing experience. You will find detailed information about all cookies under each consent category below:

Types of cookies?

Functionality Cookies
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features. The details of cookies that we capture are Browser, Country, Date, Number of visit times, IP Address, and Referrals.
Necessary Cookies
The cookies that are categorized as “Necessary” are stored on your browser as they are essential for enabling the basic functionalities of the site.
Analytics:
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Advertisement
Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

Administered by Cookeries
To whom we share your Personal data:
We share your personal data with Service providers and third-party organizations (Our Partners) based on the lawful purpose of processing.

Retention of your personal data
The Compass will retain your personal data only for as long as it is necessary for the purposes set out in this privacy policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations.

Security of your personal data
The security of your personal data is important to us and we have processes and necessary security tools in place to prevent unauthorized access or data breach

Your rights as a data subject
• Right to be Informed
• Right of Access:
• Right to Rectification:
• Right to Erasure:
• Right to Data portability:
• Right to Restrict processing:
• Right to Object:
• Right not to be subjected to a decision based solely on automated processing

Updates to this privacy policy
We regularly review and, when appropriate update this privacy policy from time to time as our services and use of personal data evolve. If we want to make use of your personal data in a way that we have not previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent. Also, we will notify you of any changes by posting the new privacy policy on this page.

CONTACT US
If you have any questions or complaints about our use of your information, we would prefer you to contact us directly so that we can address your complaint.
info@decompass.com ISMS Policy Statement
The Board and Management of The Compass which operates in the Information technology sector are committed to preserving the confidentiality, integrity and availability of all physical and electronic information assets throughout the organization, in order to preserve its asset, legal, regulatory as well as contractual, compliance and image.

The Information Security Management Systems (ISO 27001) requirements will continue to be aligned with organizational goals and is also intended to be an enabling mechanism for information sharing, electronic operations, and reducing information & Technology related risks to acceptable levels.

The Compass is committed to providing quality services to our customers, both internal and external by aligning Information Technology investments with organizational goals. The Compass has aligned its processes and operations to the requirements of the ISO27001 standard to ensure, cyber resilience, protection of its information asset and maximization of benefit/returns on IT investments.

It is, therefore, The Compass policy to ensure:
• Current strategy and Information Security Management Systems (ISMS) provide the context for identifying, assessing, evaluating, and controlling information/process/service-related risks through the establishment and maintenance of the ISMS. The risk assessment and risk treatment plan capture how identified risks are controlled in alignment with The Compass risk management strategy.
• Information security education, awareness and training are made available to all stakeholders
• All employees of The Compass and external parties identified in the Management Systems are expected to comply with this policy. All staff and certain external parties will receive or be required to provide evidence of receiving appropriate training.
• The ISMS shall be subject to continuous and systematic review with improvements adopted, where necessary.
• Management is committed to the continual improvement of the ISMS in the Organizations.
• Breach of the policy or security mechanism may warrant disciplinary measures, up to and including termination of employment/contract as well as legal action in line with the Cybercrime Prohibition Act 2015.

This Privacy Notice applies to The Compass website inquiry page (https://.decompass.com). The privacy of our Users is important to us, and we are committed to safeguarding it. Hence, this Privacy Notice explains the Personal Information and Personally Identifiable Information (PII) that we collect, why we collect it, and what we do with it.

PERSONAL DATA COLLECTED: (NAME, EMAIL ADDRESS AND ALL OTHER PIIs CAPTURED ON OUR DATA COLLECTION POINTS)

Purpose of Processing

We do not carry out automated decision-making on personal data collected. We process personal data based on consent to:
1. Respond to your inquiries and fulfill your requests.

Retention Period

InfoAssure will retain your personal data only for as long as it is necessary for the purposes set out in this privacy policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations.

Further Processing

The Compass shall request for data subject consent for additional processing of personal data other than the lawful purpose of processing stated above.
Kindly refer to our Privacy Policy for more details on our data privacy and protection culture.
By clicking “OK” you agree that The Compass can collect and process your personal data in accordance with this privacy notice and our website privacy policy.

The Board and Management of InfoAssure Limited which operates in the Information technology sector are committed to preserving the confidentiality, integrity and availability of all physical and electronic information assets throughout the organization, in order to preserve its asset, legal, regulatory as well as contractual, compliance and image.

InfoAssure Limited is committed to providing quality services to our customers, both internal and external by aligning Information Technology investments with organizational goals. InfoAssure Limited has aligned its processes and operations to the requirements of the ISO27001 standard to ensure, cyber resilience, protection of its information asset and maximization of benefit/returns on IT investments.

It is, therefore, InfoAssure policy to ensure:

Current strategy and Information Security Management Systems (ISMS) provide the context for identifying, assessing, evaluating, and controlling information/process/service-related risks through the establishment and maintenance of the ISMS. The risk assessment and risk treatment plan capture how identified risks are controlled in alignment with InfoAssure’s risk management strategy.
Information security education, awareness and training are made available to all stakeholders
All employees of InfoAssure and external parties identified in the Management Systems are expected to comply with this policy. All staff and certain external parties will receive or be required to provide evidence of receiving appropriate training.
The ISMS shall be subject to continuous and systematic review with improvements adopted, where necessary.

Management is committed to the continual improvement of the ISMS in the Organizations.

Breach of the policy or security mechanism may warrant disciplinary measures, up to and including termination of employment/contract as well as legal action in line with the Cybercrime Prohibition Act 2015.

The Board and Management of The Compass are fully dedicated to upholding the confidentiality, integrity, and availability of all physical and electronic information assets in the organization. Our commitment is essential to safeguard our assets, adhere to legal and regulatory requirements, meet contractual obligations, and preserve our reputation.

We recognize the significance of the Information Security Management System (ISMS) in accordance with ISO 27001 and the Quality Management System (QMS) aligned with ISO 9001. These integrated systems are instrumental in achieving our organizational objectives, facilitating secure information sharing, optimizing electronic operations, and effectively mitigating information and technology-related risks.

Our Policy Ensures:

The ISMS, complemented by the QMS, provides a strategic context for identifying, assessing, evaluating, and controlling information/process/service-related risks. It ensures the implementation and maintenance of robust controls aligned with our risk management strategy.
Critical elements such as business continuity and contingency plans, data backup procedures, access controls to systems, and information security incident reporting are integral to this policy. All employees of The Compass bear the responsibility of promptly reporting incidents.
Compliance with this policy is mandatory for all employees and external parties identified in the Integrated Management Systems. Adequate training will be provided to staff and certain external parties to ensure understanding and compliance.
Continuous and systematic reviews of the ISMS and QMS will be conducted, to drive improvements, maintain effectiveness, and foster a culture of continual improvement.

The management is firmly committed to sustaining the excellence of the ISMS and QMS in The Compass.

Any breach of this policy, or security mechanisms may result in disciplinary measures; including termination of employment/contract, and legal action in accordance with the Cybercrime Prohibition Act 2015.

This policy statement, reflects our organization's commitment to securing information, delivering high-quality services and continuous enhancement, tailored to the specific context of an IT GRC and Cybersecurity consulting firm. The integration of ISMS and QMS ensures an efficient and effective approach to risk management and fostering confidence among our clients and stakeholders.