.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
PCI DSS Penetration Testing: A Practical Compliance Guide
by Derek Boczenowski on April 30, 2026 at 3:23 PM
Here is a conversation we have more often than we would like to admit. We are on a call with an organization that processes payment cards, and we ask how they are tracking against PCI DSS. The response comes back fast and confident: "Oh, we are good. We have an ASV doing our quarterly …
When Vendors Get Hacked: Your Guide to Third-Party Data Breaches
by Derek Boczenowski on December 3, 2025 at 3:03 PM
.jpg)
In today's interconnected business ecosystem, organizations rely heavily on third-party vendors for everything from payroll and marketing to cloud hosting, customer support, and specialized financial-services processing. While these partnerships unlock efficiency and innovation, they …
CMMC & the False Claims Act: High Stakes for DoD Contractors
by Derek Boczenowski on November 17, 2025 at 1:14 PM
Cybersecurity compliance for Defense Industrial Base (DIB) organizations has never been purely technical, but the stakes have now escalated into a very real legal and financial risk. With the Department of Defense’s final CMMC rule taking effect on November 10, 2025, and the Departmen …
SOC 2 & ISO 27001 Together: How to Build One Unified Plan
by Derek Boczenowski on September 25, 2025 at 1:00 PM
For growing organizations, SOC 2 and ISO 27001 are no longer optional — they’ve become baseline expectations from customers, partners, and regulators. Both frameworks help you prove that you are serious about protecting sensitive data, but pursuing them separately can feel like runnin …
The SOC for Cybersecurity Report: A Complete Guide
by Derek Boczenowski on June 26, 2025 at 10:53 AM
In a business environment where cyber threats are constant and trust is currency, organizations need a way to clearly demonstrate the strength of their cybersecurity programs. While many have turned to frameworks like SOC 2 for this purpose, there’s a growing recognition that these tr …
PCI DSS 4.0 Password Requirements: A Guide to Compliance
by Derek Boczenowski on November 20, 2024 at 2:16 PM
As cyber threats evolve, ensuring the security of sensitive payment card data has become increasingly crucial for businesses across all industries. The Payment Card Industry Data Security Standard (PCI DSS) was introduced to provide a framework for safeguarding payment card data, incl …