Derek Boczenowski

Derek Boczenowski

Derek Boczenowski is Chief Architect with Compass IT Compliance. Derek has over 20 years of IT experience in a variety of vertical markets, including financial services, higher education, and state/local government. Prior to joining Compass IT Compliance, Derek was the VP of Technology for a credit union in Massachusetts with approximately $700M in assets under management. With an MBA in Technology Management as well as industry leading certifications, such as being a Certified Information Systems Auditor (CISA), Qualified Security Assessor (QSA), Certified Information Security Manager (CISM), and Certified Data Privacy Solutions Engineer (CDPSE), Derek works with clients of all sizes and in all vertical markets to help them identify gaps in their IT security strategies and provide relevant, attainable solutions to ultimately mitigate their overall risk. Derek has spoken at numerous conferences throughout his career, including the Fiserv national conference and New York Banker’s Association Annual Meeting, and is recognized as a thought leader in the field of information technology and information security.

Posts by Derek Boczenowski

Juggling SOC 2 & ISO 27001: Building a Unified Compliance Plan

by Derek Boczenowski on September 25, 2025 at 1:00 PM

Juggling SOC 2 and ISO 27001

For growing organizations, SOC 2 and ISO 27001 are no longer optional — they’ve become baseline expectations from customers, partners, and regulators. Both frameworks help you prove that you are serious about protecting sensitive data, but pursuing them separately can feel like runnin …

Read Story

Topics: Compliance IT Audit SOC 2

The SOC for Cybersecurity Report: A Complete Guide

by Derek Boczenowski on June 26, 2025 at 10:53 AM

SOC for Cybersecurity

In a business environment where cyber threats are constant and trust is currency, organizations need a way to clearly demonstrate the strength of their cybersecurity programs. While many have turned to frameworks like SOC 2 for this purpose, there’s a growing recognition that these tr …

Read Story

Topics: Compliance SOC 2

PCI DSS 4.0 Password Requirements: A Guide to Compliance

by Derek Boczenowski on November 20, 2024 at 2:16 PM

PCI DSS v4.0 Password Requirements

As cyber threats evolve, ensuring the security of sensitive payment card data has become increasingly crucial for businesses across all industries. The Payment Card Industry Data Security Standard (PCI DSS) was introduced to provide a framework for safeguarding payment card data. The …

Read Story

Topics: PCI Compliance Compliance Policies and Procedures

What to Look for When Choosing a SOC 2 Audit Firm

by Derek Boczenowski on May 23, 2024 at 9:30 AM

SOC 2 Proposals

Selecting a SOC 2 auditor can be challenging for many business leaders. This significant financial commitment demonstrates your dedication to data security to your business partners and customers. With numerous audit firms vying for your SOC 2 business, what criteria should you consid …

Read Story

Topics: Compliance IT Audit SOC 2

What Is a SOC 2 Report and Who Needs One?

by Derek Boczenowski on March 29, 2024 at 11:43 AM

Who Needs a SOC 2?

In an era where data security and privacy are paramount, the SOC 2 report emerges as a critical tool for organizations that manage customer data. Tailored to ensure the safeguarding of information, a SOC 2 report not only enhances an organization's credibility but also solidifies its …

Read Story

Topics: Compliance SOC 2

NIST Cybersecurity Framework 2.0 – Key Takeaways

by Derek Boczenowski on March 7, 2024 at 1:30 PM

United States Department of Commerce

Last week, the National Institute of Standards and Technology (NIST) unveiled the second version of its Cybersecurity Framework (CSF), marking the first major new updates to NIST CSF since the framework's inception ten years ago. Initiated by Executive Order 13636, the development of …

Read Story

Topics: Compliance NIST Government
1 2 3 4 5

See all

See all

Subscribe by email