Jerry Hughes

Jerry Hughes

Jerry Hughes, a founding member of Compass IT Compliance, LLC, has over 35 years of experience helping companies become compliant with internal, industry and government regulations such as PCI-DSS, Sarbanes-Oxley, HIPAA, and GLBA. Mr. Hughes, a Certified Information Systems Auditor (CISA), Qualified Security Assessor (QSA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), and Certified Data Privacy Solutions Engineer (CDPSE) has extensive IT auditing experience, especially within the financial industry and the retail sector. He carries an undergraduate degree in Applied Mathematics for Engineers and a minor in Computer Science from the University of Rhode Island. Mr. Hughes has helped develop Compass IT Compliance, LLC into one of the nation's premier consulting firms in the areas of IT governance, assurance, security, and compliance services.

Posts by Jerry Hughes

SOC 2 Password Requirements - A Simple Guide

by Jerry Hughes on September 24, 2024 at 3:45 PM

SOC 2 Password Login

The SOC 2 (System and Organization Controls 2) is a framework for managing and securing data based on criteria established by the AICPA (American Institute of Certified Public Accountants). It is used to assess and report on the controls of service organizations related to data securi …

Read Story

Topics: Compliance SOC 2

Big vs. Small CPA Firms: Which Fits Your SOC 2 Needs?

by Jerry Hughes on September 17, 2024 at 1:00 PM

SOC 2 Big vs Small CPA Firm

Choosing the right CPA firm for a SOC 2 audit is a crucial decision for any organization seeking to demonstrate its commitment to data security, availability, processing integrity, confidentiality, and privacy. SOC 2 (System and Organization Controls 2) reports are essential for servi …

Read Story

Topics: Compliance SOC 2

ISO 27001 vs. SOC 2: Discover the Differences

by Jerry Hughes on September 10, 2024 at 1:00 PM

SOC 2 Office Cubicles

ISO 27001 and SOC 2 are both essential frameworks for ensuring information security, but they are designed for different purposes and cater to several types of organizations. Understanding the answer to the question, “what is the difference between SOC 2 and ISO 27001?” is crucial for …

Read Story

Topics: Vendor Management Compliance SOC 2

Achieving SOC 2 Compliance for Artificial Intelligence (AI) Platforms

by Jerry Hughes on September 4, 2024 at 1:09 PM

AI Platform SOC 2

Achieving SOC 2 compliance for Artificial Intelligence (AI) platforms is crucial for building trust with clients and stakeholders, especially as AI becomes increasingly integrated into critical business operations. SOC 2 compliance demonstrates that an AI platform has effective contro …

Read Story

Topics: Vendor Management Compliance SOC 2

How Often Should a SOC 2 Report Be Updated?

by Jerry Hughes on August 20, 2024 at 1:00 PM

SOC 2 Buildings

Given the dynamic nature of cybersecurity threats and regulatory requirements, understanding the frequency of SOC 2 report updates is essential for maintaining compliance and ensuring continuous protection. In today's fast-paced landscape, organizations must be proactive in managing t …

Read Story

Topics: Vendor Management Compliance SOC 2

Understanding SOC 2 Audit Opinions: An Auditor’s Perspective

by Jerry Hughes on August 8, 2024 at 12:45 PM

City Buildings

Service Organization Control 2 (SOC 2) reports are relevant for service organizations to demonstrate their commitment to data security and the effectiveness of their internal controls. SOC 2 reports come with audit opinions provided by independent auditors, which offer insights into h …

Read Story

Topics: Vendor Management Compliance SOC 2
2 3 4 5 6

See all

See all

Subscribe by email