.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Domain Name Server (DNS) Hijacking Defined
by Peter Fellini on January 6, 2025 at 11:43 AM
The Domain Name System (DNS) serves as the backbone of internet communication, translating human-readable domain names into machine-readable IP addresses. Despite its importance, DNS is often targeted by malicious actors due to vulnerabilities that can compromise its integrity. One of …
Do SOC 2 Auditors Read and Review Code?
by Bernard Gallagher on December 26, 2024 at 1:04 PM
For organizations pursuing SOC 2 compliance, understanding the scope and focus of the audit process is crucial. A common question that arises is whether auditors review source code as part of the SOC 2 audit. Having clarity on this topic is essential, and organizations can benefit fro …
The Value of Penetration Testing in SOC 2 Audits
by Jerry Hughes on October 18, 2024 at 10:00 AM
Where data breaches and cyber threats have become increasingly common, organizations adopt robust security measures to protect their sensitive information. For businesses seeking SOC 2 compliance, penetration testing (pen testing) serves as an invaluable tool in assessing and enhancin …
Does Fitbit App Collect Sensitive Data? Exploring Privacy Questions
by Nicholas Foisy on October 10, 2024 at 1:20 PM
Wearable technology like Fitbit has become a key tool for people looking to monitor and improve their health. However, as these devices collect and store significant amounts of health data, it’s natural for users to have concerns about privacy, security, and how their information is h …
Penetration Testing Phases: Steps in the Process
by Jesse Roberts on September 6, 2024 at 1:00 PM
As cyber threats continue to grow in complexity and frequency, the need for regular penetration testing has become more critical than ever for organizations aiming to safeguard their sensitive data and systems. A well-executed penetration test follows a structured process designed to …
Exploring Rakuten Privacy and Data Collection Concerns
by Nicholas Foisy on September 6, 2024 at 11:22 AM
Rakuten is a popular platform for earning cashback on purchases, but like many online services, it comes with some privacy concerns. The platform collects and shares user data, which could raise questions for those who prioritize privacy. While the savings are appealing, it is importa …