.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Essential Elements of an Effective Virtual CISO (vCISO) Program
by CJ Hurd on October 30, 2024 at 4:32 PM
In today's digital world, organizations face more cyber threats than ever before. With attacks becoming increasingly complex and frequent, businesses need strong cybersecurity leadership to stay ahead. That's where a Virtual Chief Information Security Officer (vCISO) comes in—a smart …
What Happens if You “Fail” a SOC 2 Examination?
by Jerry Hughes on October 25, 2024 at 9:43 AM
We understand that the SOC 2 audit process is a complex and vital step for businesses looking to demonstrate their commitment to data security, privacy, and trust. But what happens if you “fail” a SOC 2 examination? What does failure even mean in this context?
What Is a SOC 2 Bridge Letter?
by Jerry Hughes on October 22, 2024 at 2:45 PM
In today’s business environment, trust and transparency are components of building lasting relationships with clients and stakeholders. As organizations turn to third-party vendors and service providers, demonstrating compliance with industry standards has never been more crucial. One …
Tesla Optimus Robots - A New Attack Surface for Hackers?
by Nicholas Foisy on October 22, 2024 at 11:10 AM
Tesla's Optimus robot is an ambitious step towards bringing advanced robotics into everyday life, designed to handle repetitive and physically demanding tasks. While it offers exciting potential, it also raises concerns about safety, privacy, and security. As Tesla moves closer toward …
SOC 2 vs. C5 Compliance: A Comprehensive Guide
by Jerry Hughes on October 21, 2024 at 1:03 PM
As organizations increasingly rely on technology to manage sensitive information, compliance with industry standards becomes paramount. Two prominent frameworks that help organizations demonstrate their commitment to security and privacy are SOC 2 and C5. While both aim to establish t …
The Value of Penetration Testing in SOC 2 Audits
by Jerry Hughes on October 18, 2024 at 10:00 AM
Where data breaches and cyber threats have become increasingly common, organizations adopt robust security measures to protect their sensitive information. For businesses seeking SOC 2 compliance, penetration testing (pen testing) serves as an invaluable tool in assessing and enhancin …
Will SOC 2 Replace ISO 27001 in Europe?
by Jerry Hughes on October 16, 2024 at 12:30 PM
As organizations in Europe increasingly prioritize data security and compliance, the question of which standards to adopt becomes critical. Among these standards, System and Organization Controls (SOC 2) and International Organization for Standardization 27001 (ISO 27001) stand out as …
New York Implements Stricter Hospital Cybersecurity Regulations
by William DePalma on October 15, 2024 at 5:06 PM
On October 2, 2024, New York State implemented groundbreaking cybersecurity regulations specifically targeting the state’s general hospitals. These regulations are a significant step forward in safeguarding sensitive patient data and healthcare operations, marking a notable shift in h …
HECVAT vs. SOC 2: Find Out the Difference
by William DePalma on October 10, 2024 at 3:30 PM
Organizations today, particularly those handling sensitive data or offering IT services, must respond to mounting calls for transparency on security and compliance procedures. Two such frameworks that fulfill this need are the Higher Education Community Vendor Assessment Toolkit (HECV …
Does Fitbit App Collect Sensitive Data? Exploring Privacy Questions
by Nicholas Foisy on October 10, 2024 at 1:20 PM
Wearable technology like Fitbit has become a key tool for people looking to monitor and improve their health. However, as these devices collect and store significant amounts of health data, it’s natural for users to have concerns about privacy, security, and how their information is h …
What Are the 3 Important Rules for HIPAA Compliance?
by Kyle Daun on October 9, 2024 at 12:00 PM
HIPAA is designed to protect patient information and ensure its secure handling. As healthcare continues to digitize, compliance with HIPAA’s key regulations is critical for safeguarding sensitive data and maintaining patient trust. This blog post highlights the essential rules health …
What is a SOC 2 Gap Assessment? The First Step to Compliance
by Jerry Hughes on October 8, 2024 at 12:00 PM
A SOC 2 gap assessment is a crucial step for organizations aiming to achieve SOC 2 compliance, especially those providing services like cloud computing, SaaS, and other technology-driven solutions that manage sensitive customer data. From my personal perspective, a SOC 2 gap assessmen …
SOC 2 Common Criteria List: CC-Series Explained
by Jerry Hughes on October 4, 2024 at 2:30 PM
SOC 2, a widely recognized auditing framework developed by the American Institute of Certified Public Accountants (AICPA), is designed to assess the effectiveness of a service organization’s controls around data security. The SOC 2 report is based on the five Trust Services Criteria ( …
SOC 2 vs. NIST: A Comprehensive Comparison
by Jerry Hughes on October 2, 2024 at 1:00 PM
When comparing SOC 2 and NIST frameworks, it is essential to understand their respective roles in cybersecurity, compliance, and risk management. Both frameworks provide guidance for organizations seeking to protect sensitive data and ensure security, but they are designed with differ …