What the 2026 Verizon DBIR Means for Your SOC 2 Compliance Program
by Rachel Hughes on June 10, 2026 at 3:55 PM
The 2026 Verizon Data Breach Investigations Report (DBIR) recently dropped. Vulnerability exploitation is officially the #1 breach vector at 31%. It is now the #1 way attackers are getting in, surpassing credential abuse, which dropped from 22% down to just 13% as an initial access me …
Subservice Organizations in SOC Reports: Carve-Out vs. Inclusive Method
by Rachel Hughes on June 9, 2026 at 4:33 PM
When a service organization relies on another vendor to perform part of its service, that vendor relationship doesn’t disappear from the SOC audit. Think of a payroll processor using a third-party data center, for example, or a SaaS company built on a major cloud infrastructure provid …
SOC 2 Remediation Roadmap: Turn Exceptions Into Progress
by Rachel Hughes on January 30, 2026 at 11:52 AM
Your SOC 2 audit report just landed on your desk, and you've spotted exceptions. Before the panic sets in, take a breath. Finding exceptions in your SOC 2 audit doesn't signal impending disaster or business failure. In fact, exceptions happen even to well-managed, security-conscious o …
Rethinking SOC 2 Audits with Purpose-Built Platforms
by Rachel Hughes on July 21, 2025 at 2:38 PM
SOC 2 audits are a crucial part of demonstrating an organization’s commitment to data security and trust. They provide assurance to customers, partners, and regulators that your systems are appropriately controlled and monitored. But despite their value, SOC 2 audits are often viewed …
What Are the Key Steps in Preparing for a SOC 2 Readiness Assessment?
by Rachel Hughes on July 15, 2025 at 10:51 AM
Achieving SOC 2 compliance is a major milestone for organizations that handle sensitive customer data—especially in the SaaS, IT services, and cloud-hosting spaces. At first glance, preparing for a readiness assessment might seem redundant. After all, it’s meant to be the step that he …
A Detailed History of SOC 2 Compliance
by Rachel Hughes on July 2, 2024 at 12:30 PM
Security threats do not only come from bad actors online or suspicious links in an email. Have you considered the security threats posed by your organization’s closest entities – like vendors and partners? Third-party service providers may unknowingly pose security threats to their co …





