.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Your SOC 2 Audit Is Complete – What Comes Next?
by Jerry Hughes on May 28, 2025 at 4:03 PM
Congratulations on achieving SOC 2 compliance! At Compass, we understand the effort it takes to meet the rigorous Trust Services Criteria and successfully navigate the audit process. Securing your SOC 2 attestation is a significant milestone, demonstrating your organization’s commitme …
10 Common Myths About SOC 2 Audits Debunked
by Jerry Hughes on May 28, 2025 at 4:01 PM
SOC 2 audits play a pivotal role in helping businesses showcase their dedication to safeguarding data and building trust with customers, partners, and stakeholders. However, misconceptions about the process often give rise to confusion, unwarranted stress, and inefficiencies that can …
The Hidden Risks of User-Installed Apps in Microsoft 365
by Jesse Roberts on May 23, 2025 at 11:09 AM
The Microsoft 365 platform offers unparalleled flexibility, enabling users to collaborate, share, and automate workflows through an expansive catalog of third-party and custom-developed applications. But that convenience comes with a cost.
Misconfigured Microsoft 365: A Growing Threat Surface
by Jesse Roberts on May 15, 2025 at 1:49 PM
Microsoft 365 has become the backbone of modern business productivity. From Exchange Online and Teams to SharePoint, Power Apps, and Power Pages, its integrated services allow organizations to collaborate at scale. But with convenience comes complexity—and with complexity, misconfigur …
Is Your Internal Pen Test Just a Glorified Vulnerability Scan?
by Jesse Roberts on May 14, 2025 at 12:04 PM
Organizations today face an increasing number of internal threats—whether from malicious insiders, compromised credentials, or vulnerable systems exposed on the internal network. That’s why internal penetration testing has become a critical part of any mature cybersecurity program. Bu …
Why One-Size-Fits-All vCISO Security Programs Fall Short
by CJ Hurd on May 9, 2025 at 3:17 PM
When people talk about virtual Chief Information Security Officer (vCISO) services, they tend to focus on access: access to strategic guidance, access to frameworks, access to a security expert at a fraction of the cost of a full-time executive. And those benefits are real. But what d …