AT 101 SOC 2 Report: What is a Section III?
by Geoff Yeagley on July 13, 2016 at 10:10 AM
In the last couple of posts, we talked about how an AT 101 SOC 2 report differs from a SOC 1 and SOC 3 report and also what the differences are between a SOC 2 Type I and Type II report. In this post, we are going to continue dissecting the different terminology and components of the …
SSAE 16 SOC 2: Differences Between Type I and Type II Reports
by Geoff Yeagley on June 29, 2016 at 10:42 AM
One of the challenges that we have when it comes to consulting with our clients on SSAE 16 is the confusion that comes with the different reports and types of reports. In last week's blog post, we outlined what the key differences are between a SOC 1, SOC 2, and a SOC 3 report. This we …
SSAE 16 SOC 2 Reports: How Are They Different From Other SOC Reports?
by Geoff Yeagley on June 22, 2016 at 10:54 AM
Fact: More and more organizations are outsourcing business functions to third-party providers so they can concentrate on their core business functions, reduce headcount, and ultimately save money. A great example of this is what is called Business Process Outsourcing (BPO) where compa …
IT Risk Assessment and the SANS Top 20 - Part IV
by Geoff Yeagley on February 23, 2016 at 11:00 AM
I know, I know. Before you even say it, they are called the Center for Internet Security Critical Security Controls, not the SANS Top 20 anymore. But everyone knows them as the SANS Top 20 and oftentimes still refers to them by this name, which is why I stuck with it for the final pa …
IT Risk Assessment and the SANS Top 20 - Part I
by Geoff Yeagley on February 2, 2016 at 10:30 AM
Last week we discussed the SANS Top 20 Critical Security Controls (CSC), what they are, and where they came from. This week we are going to start to dig into a handful of the Critical Security Controls to discuss what they are and why these controls are so important. In fact, industry …
FFIEC Guidance: Revision vs. Update
by Geoff Yeagley on December 8, 2015 at 10:00 AM
When it comes to technology, we hear of terms that are oftentimes confused and interchanged. Some examples of these terms might include Vulnerability Scanning and Penetration Testing. Another example might be the age-old debate of Risk Assessment versus Audit. While seemingly similar …