Jerry Hughes

Jerry Hughes, a founding member of Compass IT Compliance, LLC, has over 35 years of experience helping companies become compliant with internal, industry and government regulations such as PCI-DSS, Sarbanes-Oxley, HIPAA, and GLBA. Mr. Hughes, a Certified Information Systems Auditor (CISA), Qualified Security Assessor (QSA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), and Certified Data Privacy Solutions Engineer (CDPSE), has extensive IT auditing experience, especially within the financial industry and the retail sector. He holds an undergraduate degree in Applied Mathematics for Engineers and a minor in Computer Science from the University of Rhode Island. Mr. Hughes has helped develop Compass IT Compliance, LLC into one of the nation's premier consulting firms in the areas of IT governance, assurance, security, and compliance services.

Posts by Jerry Hughes

The SOC 3 Report: Your Most Underutilized Trust Asset

In today's marketplace, trust is currency. Prospects evaluate vendors with increasing scrutiny, procurement teams demand proof of security controls before signing contracts, and buyers at every level want assurance that the organizations handling their data take that responsibility se …

Your GRC Tool Has Limits: Why a CPA Must Be Behind Your SOC Report

There is a quiet misconception circulating in the compliance space, and it is worth addressing directly. As GRC automation platforms have grown in popularity, and as their marketing has increasingly emphasized “SOC 2 readiness,” “continuous compliance,” and “audit preparation,” some or …

New AI Executive Order: Why Your Business Can't Wait

New AI Executive Order: Why Your Business Can't Wait for Clarity

The landscape of artificial intelligence governance in the United States just shifted dramatically. President Trump's recent executive order attempting to establish federal primacy over AI regulation has ignited a national debate about who should be setting the rules for this transfor …

AI Cybersecurity Risks: Dangerous Whether You Use It or Not

The Double-Edged Sword: Why AI Presents Risks Whether You Use It or Not

The boardroom debate about artificial intelligence has shifted from "should we explore AI?" to a far more complex question: "how do we navigate a landscape where both using AI and avoiding it exposes us to serious risks?"

Why Holiday Peak Readiness Depends on Strong SOC 2 Compliance

Black Friday is no longer a single day of crowded stores and doorbuster sales. It has become a long digital stretch that can determine the financial outcome of an entire year for many retailers. For some online merchants, the holiday shopping season represents up to a third of their a …

Steps to Prepare Your SOC 2 Compliance Documentation

When it comes to vetting critical third-party service providers to work with, organizations need assurance that these companies have appropriate controls in place to securely execute the services they were contracted to perform. This is where the SOC 2 audit comes in. Few certificatio …
