Jerry Hughes

Jerry Hughes

Jerry Hughes, a founding member of Compass IT Compliance, LLC, has over 35 years of experience helping companies become compliant with internal, industry and government regulations such as PCI-DSS, Sarbanes-Oxley, HIPAA, and GLBA. Mr. Hughes, a Certified Information Systems Auditor (CISA), Qualified Security Assessor (QSA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), and Certified Data Privacy Solutions Engineer (CDPSE) has extensive IT auditing experience, especially within the financial industry and the retail sector. He carries an undergraduate degree in Applied Mathematics for Engineers and a minor in Computer Science from the University of Rhode Island. Mr. Hughes has helped develop Compass IT Compliance, LLC into one of the nation's premier consulting firms in the areas of IT governance, assurance, security, and compliance services.

Posts by Jerry Hughes

Why SOC 1 and SOC 2 Are Essential for Venture Capital (VC) Firms

by Jerry Hughes on November 19, 2024 at 1:30 PM

Venture Capital SOC Audit

For venture capital (VC) firms, maintaining compliance and robust security across portfolio companies is essential to reducing risks and driving long-term value. SOC audits and tailored security assessments provide a structured approach to managing financial accuracy, regulatory deman …

Read Story

Topics: Compliance SOC 2

Year-End Audit Crunch: Preparing for SOC 2 When Everyone Else Is

by Jerry Hughes on November 13, 2024 at 4:46 PM

SOC 2 End of Year

As the calendar edges toward year-end, companies everywhere ramp up their efforts to complete their SOC 2 compliance audits. This time of year often brings a rush to get SOC 2 attestation ready, and for those with ambitious end-of-year goals, timing and preparedness become critical. W …

Read Story

Topics: Compliance SOC 2

What Happens if You “Fail” a SOC 2 Examination?

by Jerry Hughes on October 25, 2024 at 9:43 AM

SOC 2 Failure

We understand that the SOC 2 audit process is a complex and vital step for businesses looking to demonstrate their commitment to data security, privacy, and trust. But what happens if you “fail” a SOC 2 examination? What does failure even mean in this context?

Read Story

Topics: Compliance SOC 2

What Is a SOC 2 Bridge Letter?

by Jerry Hughes on October 22, 2024 at 2:45 PM

SOC 2 Bridge Letter

In today’s business environment, trust and transparency are components of building lasting relationships with clients and stakeholders. As organizations turn to third-party vendors and service providers, demonstrating compliance with industry standards has never been more crucial. One …

Read Story

Topics: Compliance SOC 2

SOC 2 vs. C5 Compliance: A Comprehensive Guide

by Jerry Hughes on October 21, 2024 at 1:03 PM

C5 vs SOC 2

As organizations increasingly rely on technology to manage sensitive information, compliance with industry standards becomes paramount. Two prominent frameworks that help organizations demonstrate their commitment to security and privacy are SOC 2 and C5. While both aim to establish t …

Read Story

Topics: Compliance SOC 2

The Value of Penetration Testing in SOC 2 Audits

by Jerry Hughes on October 18, 2024 at 10:00 AM

SOC 2 Penetration Testing

Where data breaches and cyber threats have become increasingly common, organizations adopt robust security measures to protect their sensitive information. For businesses seeking SOC 2 compliance, penetration testing (pen testing) serves as an invaluable tool in assessing and enhancin …

Read Story

Topics: Compliance Security Penetration Testing SOC 2
1 2 3 4

See all

See all

Subscribe by email