.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
What Are the 3 Important Rules for HIPAA Compliance?
by Kyle Daun on October 9, 2024 at 12:00 PM
HIPAA is designed to protect patient information and ensure its secure handling. As healthcare continues to digitize, compliance with HIPAA’s key regulations is critical for safeguarding sensitive data and maintaining patient trust. This blog post highlights the essential rules health …
What is a SOC 2 Gap Assessment? The First Step to Compliance
by Jerry Hughes on October 8, 2024 at 12:00 PM
A SOC 2 gap assessment is a crucial step for organizations aiming to achieve SOC 2 compliance, especially those providing services like cloud computing, SaaS, and other technology-driven solutions that manage sensitive customer data. From my personal perspective, a SOC 2 gap assessmen …
SOC 2 Common Criteria List: CC-Series Explained
by Jerry Hughes on October 4, 2024 at 2:30 PM
SOC 2, a widely recognized auditing framework developed by the American Institute of Certified Public Accountants (AICPA), is designed to assess the effectiveness of a service organization’s controls around data security. The SOC 2 report is based on the five Trust Services Criteria ( …
SOC 2 vs. NIST: A Comprehensive Comparison
by Jerry Hughes on October 2, 2024 at 1:00 PM
When comparing SOC 2 and NIST frameworks, it is essential to understand their respective roles in cybersecurity, compliance, and risk management. Both frameworks provide guidance for organizations seeking to protect sensitive data and ensure security, but they are designed with differ …
Internal vs External Penetration Testing: What's The Difference?
by Peter Fellini on September 27, 2024 at 10:15 AM
A penetration test, also known as a pen test, is a controlled, simulated cyberattack designed to uncover vulnerabilities that could be exploited in an organization's security. These tests can be carried out either internally or externally. Understanding the difference between internal …
Their Risk is Our Risk (Case Study Draft)
by Brian Kelly on September 25, 2024 at 3:20 PM
This case study, created by Compass IT Compliance and commissioned by the Scholarly Networks Security Initiative (SNSI), aims to pinpoint threats to higher education institutions and propose measures to safeguard the integrity of scientific records, scholarly systems, and user persona …