.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
SOC 2 vs. NIST: A Comprehensive Comparison
by Jerry Hughes on October 2, 2024 at 1:00 PM
When comparing SOC 2 and NIST frameworks, it is essential to understand their respective roles in cybersecurity, compliance, and risk management. Both frameworks provide guidance for organizations seeking to protect sensitive data and ensure security, but they are designed with differ …
Internal vs External Penetration Testing: What's The Difference?
by Peter Fellini on September 27, 2024 at 10:15 AM
A penetration test, also known as a pen test, is a controlled, simulated cyberattack designed to uncover vulnerabilities that could be exploited in an organization's security. These tests can be carried out either internally or externally. Understanding the difference between internal …
Their Risk is Our Risk (Case Study Draft)
by Brian Kelly on September 25, 2024 at 3:20 PM
This case study, created by Compass IT Compliance and commissioned by the Scholarly Networks Security Initiative (SNSI), aims to pinpoint threats to higher education institutions and propose measures to safeguard the integrity of scientific records, scholarly systems, and user persona …
SOC 2 Password Requirements - A Simple Guide
by Jerry Hughes on September 24, 2024 at 3:45 PM
The SOC 2 (System and Organization Controls 2) is a framework for managing and securing data based on criteria established by the AICPA (American Institute of Certified Public Accountants). It is used to assess and report on the controls of service organizations related to data securi …
Data: The Secret Sauce to Surviving Business Disasters
by William DePalma on September 18, 2024 at 12:30 PM
More than money, information is the lifeblood of any organization. From customer records to financial reports, the data your business generates and stores is integral to its day-to-day operations. However, many companies overlook a critical aspect of managing this valuable resource: u …
Big vs. Small CPA Firms: Which Fits Your SOC 2 Needs?
by Jerry Hughes on September 17, 2024 at 1:00 PM
Choosing the right CPA firm for a SOC 2 audit is a crucial decision for any organization seeking to demonstrate its commitment to data security, availability, processing integrity, confidentiality, and privacy. SOC 2 (System and Organization Controls 2) reports are essential for servi …