Compass IT Compliance Blog

IT GRC - Let's Talk About Risk!

by Geoff Yeagley on July 28, 2016 at 10:18 AM

hacker-1446193_1280.jpg

Earlier this week we discussed IT Governance, Risk, and Compliance (IT GRC) with a specific focus on IT Governance. To read more of that post, click here. Today we are going to focus on the second component of IT GRC, IT Risk. In keeping with consistency, Gartner defines IT Risk as "t …

Read Story

Topics: Risk Management IT GRC

IT GRC - What is IT Governance?

by Geoff Yeagley on July 26, 2016 at 10:00 AM

A group of professionals holding iPads meets

In the world of Information Security, acronyms are a way of life. In fact, we often refer to all these different acronyms as "alphabet soup." Keeping track of what they all mean and what they stand for can be challenging. With that in mind, over the next 3 blog posts, we are going to …

Read Story

Topics: IT GRC IT Governance

SSAE 16 SOC 2 Report: The 5 Trust Principles

by Geoff Yeagley on July 20, 2016 at 10:00 AM

stockvault-cyber-security-concept-with-red-padlock-on-data-screen180401.jpg

Over the past several weeks, we have been digging in to the SSAE 16 SOC 2 reports. We have looked at what a SOC 2 report is, the differences between a Type I and Type II report, and why the Section III is so important. This week we are going to look at what are called the 5 Trust Serv …

Read Story

Topics: Security IT Audit SOC 2 SSAE 16

AT 101 SOC 2 Report: What is a Section III?

by Geoff Yeagley on July 13, 2016 at 10:10 AM

castle-979597_640.jpg

In the last couple of posts, we talked about how an AT 101 SOC 2 report differs from a SOC 1 and SOC 3 report and also what the differences are between a SOC 2 Type I and Type II report. In this post, we are going to continue dissecting the different terminology and components of the …

Read Story

Topics: Security IT Audit SOC 2 SSAE 16

See all

See all

Subscribe by email