.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Higher Education’s Push Toward a Virtual CISO Approach
by Alexander Magid on July 25, 2025 at 10:16 AM
In recent years, higher education institutions have faced an increasingly complex cybersecurity landscape. From ransomware attacks that disrupt learning environments to rising compliance obligations under federal mandates, colleges and universities—especially small and mid-sized ones— …
CIS or NIST CSF? Choosing the Right Cybersecurity Framework (Or Both)
by Kelly O’Brien on July 24, 2025 at 1:00 PM
The Center for Internet Security (CIS) Critical Security Controls are a prioritized set of best practices designed to help organizations defend against common cyber threats. Version 8.0, released in 2021, introduced major changes to better reflect modern IT environments, including sup …
Rethinking SOC 2 Audits with Purpose-Built Platforms
by Rachel Hughes on July 21, 2025 at 2:38 PM
SOC 2 audits are a crucial part of demonstrating an organization’s commitment to data security and trust. They provide assurance to customers, partners, and regulators that your systems are appropriately controlled and monitored. But despite their value, SOC 2 audits are often viewed …
What Are the Key Steps in Preparing for a SOC 2 Readiness Assessment?
by Rachel Hughes on July 15, 2025 at 10:51 AM
Achieving SOC 2 compliance is a major milestone for organizations that handle sensitive customer data—especially in the SaaS, IT services, and cloud-hosting spaces. At first glance, preparing for a readiness assessment might seem redundant. After all, it’s meant to be the step that he …
HIPAA Compliance in 2025: What’s Changing & Why It Matters
by Kelly O’Brien on July 10, 2025 at 2:22 PM
Healthcare privacy is evolving rapidly, and 2025 is poised to be a year of significant developments. From how artificial intelligence is handled to increased scrutiny around reproductive health data, the boundaries of HIPAA compliance are expanding. This blog post highlights the most …
Why the ‘CISO’ in Virtual CISO Services Shouldn’t Scare You
by CJ Hurd on July 8, 2025 at 1:00 PM
For many small and midsize businesses, the term Virtual CISO (or vCISO) can be a little off-putting. It sounds big, corporate, and expensive—like something built for Fortune 500 companies, not organizations with lean teams, tight budgets, and practical day-to-day needs. After all, the …