Using the HECVAT to Measure Vendor Risk
by Brian Kelly on September 8, 2022 at 1:00 PM
Not a day goes by without a conversation about third-party risk management. Our clients are being bombarded from all directions, asked by regulators, auditors, their clients, and customers alike to complete third-party risk assessments (SIG, CAIQ, HECVAT).
PCI DSS v4.0 ROC Changes – Coming Now to an Organization Near You!
by Derek Boczenowski on August 17, 2022 at 3:30 PM
The Payment Card Industry Data Security Standard (PCI DSS) version 4.0 is here! It has been released, the documents are available publicly for anyone who would like to read them, and forms for both the 900-pound level 1 Report on Compliance (ROC) and the Self-Assessment Questionnaires …
Ignorance Is Not Bliss When It Comes to Security Assessments
by Kelly O’Brien on May 6, 2022 at 4:00 PM
It is no surprise that bad actors constantly seek to take advantage of current events and changing circumstances to exploit vulnerabilities and gaps in the security of organizations across a myriad of industry verticals and sizes.
PCI DSS v4.0 Released – What Changes Were Made?
by Kyle Daun on April 4, 2022 at 2:15 PM
On January 1st, 2019, the Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 came into effect, replacing v3.2, which had been in place since October 31st, 2016. Many changes have occurred since January of 2019, one of which being the worldwide shutdown in the first half of 2 …
Risk Management – Everyone Needs a Seat at the Table
by Donald Mills on March 17, 2022 at 1:00 PM
In the security world there’s a common saying that compliance isn’t security and security isn’t compliance. I believe what gets missed in this saying is the role proper risk assessments and risk management play in marrying up security and compliance.
Compliance is NOT Security
by Kelly O’Brien on September 1, 2021 at 3:30 PM
Is maintaining compliance with current regulatory laws enough to protect your business from cybersecurity attacks? If you answered no, you are correct. Although often used synonymously, compliance and security do not mean the same thing when it comes to protecting your organization.
