Internal vs External Penetration Testing: What's The Difference?
by Peter Fellini on September 27, 2024 at 10:15 AM
A penetration test, also known as a pen test, is a controlled, simulated cyberattack designed to uncover vulnerabilities that could be exploited in an organization's security. These tests can be carried out either internally or externally. Understanding the difference between internal …
Their Risk is Our Risk (Case Study Draft)
by Brian Kelly on September 25, 2024 at 3:20 PM
This case study, created by Compass IT Compliance and commissioned by the Scholarly Networks Security Initiative (SNSI), aims to pinpoint threats to higher education institutions and propose measures to safeguard the integrity of scientific records, scholarly systems, and user persona …
SOC 2 Password Requirements - A Simple Guide
by Jerry Hughes on September 24, 2024 at 3:45 PM
SOC 2 (System and Organization Controls 2) is a framework for managing and securing data based on criteria established by the AICPA (American Institute of Certified Public Accountants). It is used to assess and report on the controls of service organizations related to data securi …
Data: The Secret Sauce to Surviving Business Disasters
by William DePalma on September 18, 2024 at 12:30 PM
More than money, information is the lifeblood of any organization. From customer records to financial reports, the data your business generates and stores is integral to its day-to-day operations. However, many companies overlook a critical aspect of managing this valuable resource: u …
Big vs. Small CPA Firms: Which Fits Your SOC 2 Needs?
by Jerry Hughes on September 17, 2024 at 1:00 PM
Choosing the right CPA firm for a SOC 2 audit is a crucial decision for any organization seeking to demonstrate its commitment to data security, availability, processing integrity, confidentiality, and privacy. SOC 2 (System and Organization Controls 2) reports are essential for servi …
What Platforms Are SOC 2 Compliant? Find Out Here!
by Nicholas Foisy on September 13, 2024 at 1:20 PM
SOC 2 compliance has become a critical benchmark for organizations handling sensitive customer data. For businesses looking to maintain trust and meet industry standards, SOC 2 compliance is often a non-negotiable requirement. The following article provides a breakdown of whether vari …
Understanding the Difference Between HIPAA & HITRUST
by Mick Fitton on September 12, 2024 at 11:30 AM
When it comes to protecting sensitive health information, organizations must navigate a complex landscape of laws and frameworks designed to ensure data privacy and security. HIPAA, the Health Insurance Portability and Accountability Act, and HITRUST, the Health Information Trust Alli …
ISO 27001 vs. SOC 2: Discover the Differences
by Jerry Hughes on September 10, 2024 at 1:00 PM
ISO 27001 and SOC 2 are both essential frameworks for ensuring information security, but they are designed for different purposes and cater to several types of organizations. Understanding the answer to the question, “what is the difference between SOC 2 and ISO 27001?” is crucial for …
Penetration Testing Phases: Steps in the Process
by Jesse Roberts on September 6, 2024 at 1:00 PM
As cyber threats continue to grow in complexity and frequency, the need for regular penetration testing has become more critical than ever for organizations aiming to safeguard their sensitive data and systems. A well-executed penetration test follows a structured process designed to …
Exploring Rakuten Privacy and Data Collection Concerns
by Nicholas Foisy on September 6, 2024 at 11:22 AM
Rakuten is a popular platform for earning cashback on purchases, but like many online services, it comes with some privacy concerns. The platform collects and shares user data, which could raise questions for those who prioritize privacy. While the savings are appealing, it is importa …
Achieving SOC 2 Compliance for Artificial Intelligence (AI) Platforms
by Jerry Hughes on September 4, 2024 at 1:09 PM
Achieving SOC 2 compliance for Artificial Intelligence (AI) platforms is crucial for building trust with clients and stakeholders, especially as AI becomes increasingly integrated into critical business operations. SOC 2 compliance demonstrates that an AI platform has effective contro …