CMMC Assessments in Higher Education: What Campus Leaders Are Saying
by Alexander Magid on May 5, 2026 at 3:33 PM
I just got back from the EDUCAUSE Cybersecurity and Privacy Professionals Conference in Anaheim last week, and I came home with a notebook full of conversations that I think a lot of provosts, CIOs, and CISOs need to hear. The hallway talk between sessions, the candid moments over cof …
PCI DSS Penetration Testing: A Practical Compliance Guide
by Derek Boczenowski on April 30, 2026 at 3:23 PM
Here is a conversation we have more often than we would like to admit. We are on a call with an organization that processes payment cards, and we ask how they are tracking against PCI DSS. The response comes back fast and confident: "Oh, we are good. We have an ASV doing our quarterly …
The SOC 3 Report: Your Most Underutilized Trust Asset
by Jerry Hughes on April 24, 2026 at 2:03 PM
In today's marketplace, trust is currency. Prospects evaluate vendors with increasing scrutiny, procurement teams demand proof of security controls before signing contracts, and buyers at every level want assurance that the organizations handling their data take that responsibility se …
Shadow IT Is Now Shadow SaaS & Shadow AI: A Practical Cleanup Guide
by Donald Mills on April 22, 2026 at 2:45 AM
If you caught yourself searching "what is shadow IT" this week, you are not alone, and you have probably already lived through it. The term used to conjure rogue modems in a closet, a dusty Access database on somebody's C: drive, or a "just for the team" WiFi router plugged in under a …
Your GRC Tool Has Limits: Why a CPA Must Be Behind Your SOC Report
by Jerry Hughes on April 9, 2026 at 12:30 PM
There is a quiet misconception circulating in the compliance space, and it is worth addressing directly. As GRC automation platforms have grown in popularity, and as their marketing has increasingly emphasized “SOC 2 readiness,” “continuous compliance,” and “audit preparation,” some or …
The Hidden Cybersecurity Risk Nobody Talks About: Executive Turnover
by Donald Mills on April 7, 2026 at 9:44 AM
When security leaders talk about risk, the conversation usually gravitates toward ransomware, zero-day vulnerabilities, or third-party breaches. Those threats are real, and they deserve the attention they get. But there is another risk vector that quietly undermines cybersecurity prog …





