Jerry Hughes

Jerry Hughes

Jerry Hughes, a founding member of Compass IT Compliance, LLC, has over 35 years of experience helping companies become compliant with internal, industry and government regulations such as PCI-DSS, Sarbanes-Oxley, HIPAA, and GLBA. Mr. Hughes, a Certified Information Systems Auditor (CISA), Qualified Security Assessor (QSA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), and Certified Data Privacy Solutions Engineer (CDPSE) has extensive IT auditing experience, especially within the financial industry and the retail sector. He carries an undergraduate degree in Applied Mathematics for Engineers and a minor in Computer Science from the University of Rhode Island. Mr. Hughes has helped develop Compass IT Compliance, LLC into one of the nation's premier consulting firms in the areas of IT governance, assurance, security, and compliance services.

Posts by Jerry Hughes

Will SOC 2 Replace ISO 27001 in Europe?

by Jerry Hughes on October 16, 2024 at 12:30 PM

Europe Map

As organizations in Europe increasingly prioritize data security and compliance, the question of which standards to adopt becomes critical. Among these standards, System and Organization Controls (SOC 2) and International Organization for Standardization 27001 (ISO 27001) stand out as …

Read Story

Topics: Compliance SOC 2

What is a SOC 2 Gap Assessment? The First Step to Compliance

by Jerry Hughes on October 8, 2024 at 12:00 PM

SOC 2 Gap Assessment

A SOC 2 gap assessment is a crucial step for organizations aiming to achieve SOC 2 compliance, especially those providing services like cloud computing, SaaS, and other technology-driven solutions that manage sensitive customer data. From my personal perspective, a SOC 2 gap assessmen …

Read Story

Topics: Compliance SOC 2

SOC 2 Common Criteria List: CC-Series Explained

by Jerry Hughes on October 4, 2024 at 2:30 PM

SOC 2 Common Criteria List

SOC 2, a widely recognized auditing framework developed by the American Institute of Certified Public Accountants (AICPA), is designed to assess the effectiveness of a service organization’s controls around data security. The SOC 2 report is based on the five Trust Services Criteria ( …

Read Story

Topics: Compliance SOC 2

SOC 2 vs. NIST: A Comprehensive Comparison

by Jerry Hughes on October 2, 2024 at 1:00 PM

SOC 2 vs NIST

When comparing SOC 2 and NIST frameworks, it is essential to understand their respective roles in cybersecurity, compliance, and risk management. Both frameworks provide guidance for organizations seeking to protect sensitive data and ensure security, but they are designed with differ …

Read Story

Topics: Compliance SOC 2 NIST

SOC 2 Password Requirements - A Simple Guide

by Jerry Hughes on September 24, 2024 at 3:45 PM

SOC 2 Password Login

The SOC 2 (System and Organization Controls 2) is a framework for managing and securing data based on criteria established by the AICPA (American Institute of Certified Public Accountants). It is used to assess and report on the controls of service organizations related to data securi …

Read Story

Topics: Compliance SOC 2

Big vs. Small CPA Firms: Which Fits Your SOC 2 Needs?

by Jerry Hughes on September 17, 2024 at 1:00 PM

SOC 2 Big vs Small CPA Firm

Choosing the right CPA firm for a SOC 2 audit is a crucial decision for any organization seeking to demonstrate its commitment to data security, availability, processing integrity, confidentiality, and privacy. SOC 2 (System and Organization Controls 2) reports are essential for servi …

Read Story

Topics: Compliance SOC 2
1 2 3 4

See all

See all

Subscribe by email