Jerry Hughes

Jerry Hughes

Jerry Hughes, a founding member of Compass IT Compliance, LLC, has over 35 years of experience helping companies become compliant with internal, industry and government regulations such as PCI-DSS, Sarbanes-Oxley, HIPAA, and GLBA. Mr. Hughes, a Certified Information Systems Auditor (CISA), Qualified Security Assessor (QSA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), and Certified Data Privacy Solutions Engineer (CDPSE) has extensive IT auditing experience, especially within the financial industry and the retail sector. He carries an undergraduate degree in Applied Mathematics for Engineers and a minor in Computer Science from the University of Rhode Island. Mr. Hughes has helped develop Compass IT Compliance, LLC into one of the nation's premier consulting firms in the areas of IT governance, assurance, security, and compliance services.

Posts by Jerry Hughes

Understanding SOC 2 Audit Opinions: An Auditor’s Perspective

by Jerry Hughes on August 8, 2024 at 12:45 PM

City Buildings

Service Organization Control 2 (SOC 2) reports are relevant for service organizations to demonstrate their commitment to data security and the effectiveness of their internal controls. SOC 2 reports come with audit opinions provided by independent auditors, which offer insights into h …

Read Story

Topics: Vendor Management Compliance SOC 2

CDK Global Hit by Cyberattacks: The Impact on Auto Dealerships

by Jerry Hughes on June 27, 2024 at 2:45 PM

Car Dealership

CDK Global, a major software-as-a-service (SaaS) provider for car dealerships, recently faced consecutive cyberattacks, severely disrupting the automotive sales and service industry. These breaches highlight the increasing sophistication of cyber threats and the widespread implication …

Read Story

Topics: Vendor Management Cybersecurity News

Your Guide to Drafting a Data Retention Policy

by Jerry Hughes on August 9, 2023 at 1:00 PM

Data Retention Policy

Each day, organizations across the globe handle massive amounts of information, and ensuring it's managed securely, compliantly, and efficiently is no walk in the park. The nitty-gritty of data retention, from knowing how long to keep specific files to wading through a maze of regulat …

Read Story

Topics: Compliance Policies and Procedures

Addressing the Risks of Artificial Intelligence (AI)

by Jerry Hughes on May 4, 2023 at 1:00 PM

AI ChatGPT

Artificial intelligence (AI) is a tool with transformative potential across various domains. It can enhance medical diagnoses and bolster cybersecurity, improving decision-making and efficiency. Nevertheless, like any emerging technology, AI carries certain risks.

Read Story

Topics: News Artificial Intelligence

COVID-19: Is Management Asking the Right Questions?

by Jerry Hughes on April 24, 2020 at 4:00 PM

COVID-19: Is Management Asking the Right Questions?

What if you are the owner or manager of a business in today’s world? A few weeks ago, our world was turned upside down – to say the least. Management’s focus shifted from business as usual to figuring out how to keep employees safe and company doors open for business (in-person or vir …

Read Story

Topics: Vendor Management Vulnerability Scanning Policies and Procedures Business Continuity Planning Privacy Pandemic Planning

Stop Running from Privacy! Use the NIST Privacy Framework

by Jerry Hughes on February 19, 2020 at 1:00 PM

Stop Running from Privacy! Use the NIST Privacy Framework

Take a look at your recent SOC 2 Type ll Service Organization Audit, where there are five Trust Service Criteria (Security, Confidentiality, Processing Integrity, Availability, and Privacy). How about your last Health Insurance Portability and Accountability Act (HIPPA) Audit, where t …

Read Story

Topics: NIST Privacy
2 3 4 5 6

See all

See all

Subscribe by email