.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Maintaining Targeted Risk Analysis (TRAs) for PCI DSS Compliance
by Kelly O’Brien on May 19, 2026 at 10:50 AM
%20for%20PCI%20DSS%20Compliance.jpg)
Every organization that processes, stores, or transmits cardholder data is required to protect it. That much is well understood. What is less understood, and where many organizations quietly fall short, is how they justify specific risk-based decisions inside their compliance program. …
How to Reduce CMMC Scope: A Practical Guide for Defense Contractors
by Jake Dwares on May 15, 2026 at 4:37 PM
For defense contractors preparing for Cybersecurity Maturity Model Certification (CMMC), scope is the single biggest lever you have over cost, timeline, and audit complexity. The smaller and more clearly defined your scope, the fewer systems your assessor has to evaluate, the fewer co …
PCI Compliance for Small Business: A QSA's Field Guide to PCI DSS
by Derek Boczenowski on May 14, 2026 at 3:32 PM
If you run a small business that accepts credit cards, the words "PCI compliance" probably land somewhere between mildly stressful and outright intimidating. I get it. I have spent years walking small merchants through the Payment Card Industry Data Security Standard (PCI DSS), and th …
Canvas Breach: What It Means for Schools & FERPA Compliance
by Jesse Roberts on May 8, 2026 at 1:32 PM
When the Canvas login page was replaced with a ransom note on the morning of May 7, 2026, it did not look like a typical edtech outage. Students at Harvard, the University of Michigan, Duke, the University of Maryland, and thousands of other institutions opened their laptops in the mi …
How to Become a vCISO: The Skills That Set Great Ones Apart
by Jeffrey Torrance on May 6, 2026 at 4:30 PM
At Compass IT Compliance, we run one of the more established virtual CISO practices in the country. That vantage point has given us a clear view of the capabilities that consistently define the strongest vCISOs working in the field today. The skills are not always the ones aspiring vC …
CMMC Assessments in Higher Education: What Campus Leaders Are Saying
by Alexander Magid on May 5, 2026 at 3:33 PM
I just got back from the EDUCAUSE Cybersecurity and Privacy Professionals Conference in Anaheim last week, and I came home with a notebook full of conversations that I think a lot of provosts, CIOs, and CISOs need to hear. The hallway talk between sessions, the candid moments over cof …