William DePalma

William DePalma is a founding member of Compass IT Compliance, LLC. With nearly two decades of experience working alongside organizations to address IT security and compliance challenges, William has played a key role in helping businesses navigate evolving regulatory requirements and cybersecurity risks. His leadership has been instrumental in the growth of Compass IT Compliance, guiding organizations in strengthening their security postures and meeting industry standards. In addition to his work at Compass IT Compliance, William was instrumental in the founding of Compass Cyber Guard and the Compass Assurance Team, affiliates dedicated to providing specialized cybersecurity and compliance solutions. Before co-founding Compass IT Compliance, William worked with Lighthouse IT Compliance Group, where he was deeply involved in supporting organizations with their compliance initiatives. His experience spans a range of industries, giving him valuable insight into the operational and security challenges that companies face today. William holds a Bachelor of Science in Business Administration from the University of New Hampshire and served in the United States Coast Guard for 22 years. Learn more about William in his employee spotlight video: https://www.youtube.com/watch?v=97Ncw0JRt5A

Posts by William DePalma

CMMC & the Executive Order: A New Era for Shipbuilders

America’s shipbuilding renaissance is underway. On April 9, 2025, President Trump signed a sweeping executive order aimed at revitalizing the U.S. shipbuilding industrial base—an industry long seen as vital to both economic strength and national defense. At the same time, shipbuilders …

Subcontractor Survival: Meeting Prime Contractor CMMC Requirements

The cybersecurity landscape for the defense industrial base (DIB) has shifted. With the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) 2.0 moving swiftly toward full enforcement, subcontractors are finding themselves under growing pressure — not only f …

Understanding SOC 2 Compliance & Vendor Management

SOC 2 (System and Organization Controls 2) is a trusted auditing standard developed by the American Institute of Certified Public Accountants (AICPA). It assesses an organization’s information systems against the Trust Services Criteria (TSC): security, availability, processing integr …

New York Implements Stricter Hospital Cybersecurity Regulations

On October 2, 2024, New York State implemented groundbreaking cybersecurity regulations specifically targeting the state’s general hospitals. These regulations are a significant step forward in safeguarding sensitive patient data and healthcare operations, marking a notable shift in h …

HECVAT vs. SOC 2: Find Out the Difference

Organizations today, particularly those handling sensitive data or offering IT services, must respond to mounting calls for transparency on security and compliance procedures. Two such frameworks that fulfill this need are the Higher Education Community Vendor Assessment Toolkit (HECV …

Data: The Secret Sauce to Surviving Business Disasters

More than money, information is the lifeblood of any organization. From customer records to financial reports, the data your business generates and stores is integral to its day-to-day operations. However, many companies overlook a critical aspect of managing this valuable resource: u …
