Jerry Hughes

Jerry Hughes

Jerry Hughes, a founding member of Compass IT Compliance, LLC, has over 35 years of experience helping companies become compliant with internal, industry and government regulations such as PCI-DSS, Sarbanes-Oxley, HIPAA, and GLBA. Mr. Hughes, a Certified Information Systems Auditor (CISA), Qualified Security Assessor (QSA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), and Certified Data Privacy Solutions Engineer (CDPSE) has extensive IT auditing experience, especially within the financial industry and the retail sector. He carries an undergraduate degree in Applied Mathematics for Engineers and a minor in Computer Science from the University of Rhode Island. Mr. Hughes has helped develop Compass IT Compliance, LLC into one of the nation's premier consulting firms in the areas of IT governance, assurance, security, and compliance services.

Posts by Jerry Hughes

Steps to Prepare Your SOC 2 Compliance Documentation

by Jerry Hughes on August 26, 2025 at 1:42 PM

SOC 2 Documentation

When it comes to vetting critical third-party service providers to work with, organizations need assurance that these companies have appropriate controls in place to securely execute the services they were contracted to perform. This is where the SOC 2 audit comes in. Few certificatio …

Read Story

Topics: IT Audit SOC 2

Your SOC 2 Audit Is Complete – What Comes Next?

by Jerry Hughes on May 28, 2025 at 4:03 PM

SOC 2 Audit Completed

Congratulations on achieving SOC 2 compliance! At Compass, we understand the effort it takes to meet the rigorous Trust Services Criteria and successfully navigate the audit process. Securing your SOC 2 attestation is a significant milestone, demonstrating your organization’s commitme …

Read Story

Topics: Vendor Management Compliance SOC 2

10 Common Myths About SOC 2 Audits Debunked

by Jerry Hughes on May 28, 2025 at 4:01 PM

SOC 2 Myths

SOC 2 audits play a pivotal role in helping businesses showcase their dedication to safeguarding data and building trust with customers, partners, and stakeholders. However, misconceptions about the process often give rise to confusion, unwarranted stress, and inefficiencies that can …

Read Story

Topics: Compliance SOC 2

Replacing the FFIEC CAT with NIST CSF 2.0

by Jerry Hughes on April 18, 2025 at 11:26 AM

Replacing the FFIEC CAT with NIST CSF 2.0

After nearly a decade of use, the Federal Financial Institutions Examination Council (FFIEC) is officially retiring its Cybersecurity Assessment Tool (CAT) on August 31, 2025. Originally released in 2015, the CAT served as a foundational tool for financial institutions—especially bank …

Read Story

Topics: Compliance NIST Finance

Why SOC 1 and SOC 2 Are Essential for Venture Capital (VC) Firms

by Jerry Hughes on February 24, 2025 at 1:50 PM

Venture Capital SOC Audit

For venture capital (VC) firms, maintaining compliance and robust security across portfolio companies is essential to reducing risks and driving long-term value. SOC audits and tailored security assessments provide a structured approach to managing financial accuracy, regulatory deman …

Read Story

Topics: Compliance SOC 2

Shifting from a SOC 2 Type 1 Audit to a Type 2 Audit

by Jerry Hughes on February 24, 2025 at 1:44 PM

SOC 2 Shifting from Type 1 to Type 2

For organizations striving to showcase their dedication to strong security, availability, processing integrity, confidentiality, and privacy, SOC 2 compliance serves as a vital benchmark. However, progressing from a SOC 2 Type 1 audit to a Type 2 audit requires careful strategic plann …

Read Story

Topics: Compliance SOC 2
1 2 3 4 5

See all

See all

Subscribe by email