.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Chinese RedNote App Rises Amid TikTok Ban: New Privacy Concerns
by Peter Fellini on January 17, 2025 at 4:17 PM
As TikTok faces a looming ban in the United States, a new player has emerged on the social media stage: RedNote. Known as Xiaohongshu (Little Red Book) in China, RedNote has skyrocketed in popularity, especially among American users seeking alternatives. However, its meteoric rise com …
Shifting from a SOC 2 Type 1 Audit to a Type 2 Audit
by Jerry Hughes on January 16, 2025 at 1:50 PM
For organizations striving to showcase their dedication to strong security, availability, processing integrity, confidentiality, and privacy, SOC 2 compliance serves as a vital benchmark. However, progressing from a SOC 2 Type 1 audit to a Type 2 audit requires careful strategic plann …
Why SOC 1 and SOC 2 Are Essential for Venture Capital (VC) Firms
by Jerry Hughes on January 16, 2025 at 12:39 PM
For venture capital (VC) firms, maintaining compliance and robust security across portfolio companies is essential to reducing risks and driving long-term value. SOC audits and tailored security assessments provide a structured approach to managing financial accuracy, regulatory deman …
Understanding DoD Impact Levels for Cloud Security
by Jake Dwares on January 15, 2025 at 12:59 PM
The security of information is a cornerstone of the Department of Defense's (DoD) operations. To safeguard sensitive data, the DoD has developed Impact Levels (ILs), a framework that categorizes information systems based on their sensitivity and the potential impact of a compromise. T …
SAS 145 and IT General Controls: What Organizations Need to Know
by Bernard Gallagher on January 13, 2025 at 2:30 PM
The release of SAS 145 (Statement on Auditing Standards No. 145) represents a significant shift in how auditors evaluate and respond to the risks of material misstatements, particularly in complex IT environments. As IT General Controls (ITGCs) underpin key financial processes and rep …
Leveraging a Virtual CISO (vCISO) for SOC 2 Compliance
by Jeffrey Torrance on January 10, 2025 at 1:00 PM
In the rapidly evolving landscape of cybersecurity and data privacy, achieving and maintaining compliance with industry standards like SOC 2 is critical for businesses of all sizes. However, this process can be daunting, especially for organizations lacking the internal expertise or r …