Jerry Hughes

Jerry Hughes

Jerry Hughes, a founding member of Compass IT Compliance, LLC, has over 35 years of experience helping companies become compliant with internal, industry and government regulations such as PCI-DSS, Sarbanes-Oxley, HIPAA, and GLBA. Mr. Hughes, a Certified Information Systems Auditor (CISA), Qualified Security Assessor (QSA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), and Certified Data Privacy Solutions Engineer (CDPSE) has extensive IT auditing experience, especially within the financial industry and the retail sector. He carries an undergraduate degree in Applied Mathematics for Engineers and a minor in Computer Science from the University of Rhode Island. Mr. Hughes has helped develop Compass IT Compliance, LLC into one of the nation's premier consulting firms in the areas of IT governance, assurance, security, and compliance services.

Posts by Jerry Hughes

Big vs. Small CPA Firms: Which Fits Your SOC 2 Needs?

by Jerry Hughes on September 17, 2024 at 1:00 PM

SOC 2 Big vs Small CPA Firm

Choosing the right CPA firm for a SOC 2 audit is a crucial decision for any organization seeking to demonstrate its commitment to data security, availability, processing integrity, confidentiality, and privacy. SOC 2 (System and Organization Controls 2) reports are essential for servi …

Read Story

Topics: Compliance SOC 2

ISO 27001 vs. SOC 2: Discover the Differences

by Jerry Hughes on September 10, 2024 at 1:00 PM

SOC 2 Office Cubicles

ISO 27001 and SOC 2 are both essential frameworks for ensuring information security, but they are designed for different purposes and cater to several types of organizations. Understanding the answer to the question, “what is the difference between SOC 2 and ISO 27001?” is crucial for …

Read Story

Topics: Vendor Management Compliance SOC 2

Achieving SOC 2 Compliance for Artificial Intelligence (AI) Platforms

by Jerry Hughes on September 4, 2024 at 1:09 PM

AI Platform SOC 2

Achieving SOC 2 compliance for Artificial Intelligence (AI) platforms is crucial for building trust with clients and stakeholders, especially as AI becomes increasingly integrated into critical business operations. SOC 2 compliance demonstrates that an AI platform has effective contro …

Read Story

Topics: Vendor Management Compliance SOC 2

How Often Should a SOC 2 Report Be Updated?

by Jerry Hughes on August 20, 2024 at 1:00 PM

SOC 2 Buildings

Given the dynamic nature of cybersecurity threats and regulatory requirements, understanding the frequency of SOC 2 report updates is essential for maintaining compliance and ensuring continuous protection. In today's fast-paced landscape, organizations must be proactive in managing t …

Read Story

Topics: Vendor Management Compliance SOC 2

Understanding SOC 2 Audit Opinions: An Auditor’s Perspective

by Jerry Hughes on August 8, 2024 at 12:45 PM

City Buildings

Service Organization Control 2 (SOC 2) reports are relevant for service organizations to demonstrate their commitment to data security and the effectiveness of their internal controls. SOC 2 reports come with audit opinions provided by independent auditors, which offer insights into h …

Read Story

Topics: Vendor Management Compliance SOC 2

CDK Global Hit by Cyberattacks: The Impact on Auto Dealerships

by Jerry Hughes on June 27, 2024 at 2:45 PM

Car Dealership

CDK Global, a major software-as-a-service (SaaS) provider for car dealerships, recently faced consecutive cyberattacks, severely disrupting the automotive sales and service industry. These breaches highlight the increasing sophistication of cyber threats and the widespread implication …

Read Story

Topics: Vendor Management Cybersecurity News
1 2 3 4 5

See all

See all

Subscribe by email