Your CMMC SSP Is Not Just a Checkbox: How to Build One That Works
by Derek Boczenowski on June 26, 2026 at 1:24 PM
The System Security Plan (SSP) is the cornerstone document of any CMMC Level 2 compliance program. Yet it is also one of the most underdeveloped artifacts assessors encounter. Organizations preparing for a C3PAO assessment frequently arrive with an SSP that describes their environment …
CMMC Scoping Guide: How to Define Your Level 2 Assessment Boundary
by Derek Boczenowski on June 5, 2026 at 11:30 AM
One of the most consequential (and most misunderstood) steps in preparing for CMMC compliance is defining the scope of your assessment boundary. Scope too broadly and you’re burdening your organization with unnecessary controls and cost. Scope too narrowly and you risk leaving Control …
Does SOC 2 Reduce Security Questionnaires, or Just Change Them?
by Derek Boczenowski on May 28, 2026 at 11:00 AM
Every B2B vendor chasing enterprise deals eventually asks the same thing. We are pouring real money and real calendar time into a SOC 2 Type 2 report, so will it actually reduce the security questionnaires we get buried under, or will buyers just keep sending them anyway?
PCI Compliance for Small Business: A QSA's Field Guide to PCI DSS
by Derek Boczenowski on May 14, 2026 at 3:32 PM
If you run a small business that accepts credit cards, the words "PCI compliance" probably land somewhere between mildly stressful and outright intimidating. I get it. I have spent years walking small merchants through the Payment Card Industry Data Security Standard (PCI DSS), and th …
PCI DSS Penetration Testing: A Practical Compliance Guide
by Derek Boczenowski on April 30, 2026 at 3:23 PM
Here is a conversation we have more often than we would like to admit. We are on a call with an organization that processes payment cards, and we ask how they are tracking against PCI DSS. The response comes back fast and confident: "Oh, we are good. We have an ASV doing our quarterly …
When Vendors Get Hacked: Your Guide to Third-Party Data Breaches
by Derek Boczenowski on December 3, 2025 at 3:03 PM
In today's interconnected business ecosystem, organizations rely heavily on third-party vendors for everything from payroll and marketing to cloud hosting, customer support, and specialized financial-services processing. While these partnerships unlock efficiency and innovation, they …
.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp)
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp)





.jpg)