IT Auditing and IT Risk Assessment: What's the Difference?
by Geoff Yeagley on July 30, 2015 at 10:15 AM
We often hear the terms IT Risk Assessment and IT Audit used in various situations, and oftentimes they are used interchangeably. This causes great confusion for people who are trying to determine not only what they are looking for in terms of a service, but also what they can expect …
Where to Start with PCI Compliance: The PCI Compliance Checklist
by TJ Quirk on July 23, 2015 at 2:14 PM
Navigating the complexities of PCI Compliance can be challenging and time-consuming, especially if it is your first time going through the process. What do you need to do to become PCI compliant and what is your plan for getting started? These are questions that are often asked that c …
What is a PCI ROC?
by TJ Quirk on July 21, 2015 at 9:32 AM
Oftentimes we hear terms that are thrown around like PCI Risk Assessment and PCI Report on Compliance (ROC). Are you often struggling to understand the difference between these requirements and if / when you’re required to complete them? The good news is that you’re not alone and hop …
How Vendor Management Software Can Help with Regulatory Compliance
by Geoff Yeagley on July 14, 2015 at 9:34 AM
Security Awareness Training is No Joke!
by Derek Boczenowski on June 23, 2015 at 9:51 AM
Without a doubt, almost every type of IT audit contains a section on security awareness training. And in many companies, it is a weakness that can be exploited more easily than trying to hack a firewall or compromise a server. In many cases, it can be as easy as sending an email or making …
A Key To Your Risk Management Strategy: Cybersecurity Insurance
by Geoff Yeagley on June 16, 2015 at 10:34 AM
I went to a conference back in October and the keynote speaker was a former NSA Director. He made a brilliant point during his presentation that was as follows: There are two types of companies, one that has been breached and the other is the one that has been breached but doesn’t kno …