.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Canvas Breach: What It Means for Schools & FERPA Compliance
by Jesse Roberts on May 8, 2026 at 1:32 PM
When the Canvas login page was replaced with a ransom note on the morning of May 7, 2026, it did not look like a typical edtech outage. Students at Harvard, the University of Michigan, Duke, the University of Maryland, and thousands of other institutions opened their laptops in the mi …
How to Become a vCISO: The Skills That Set Great Ones Apart
by Jeffrey Torrance on May 6, 2026 at 4:30 PM
At Compass IT Compliance, we run one of the more established virtual CISO practices in the country. That vantage point has given us a clear view of the capabilities that consistently define the strongest vCISOs working in the field today. The skills are not always the ones aspiring vC …
CMMC Assessments in Higher Education: What Campus Leaders Are Saying
by Alexander Magid on May 5, 2026 at 3:33 PM
I just got back from the EDUCAUSE Cybersecurity and Privacy Professionals Conference in Anaheim last week, and I came home with a notebook full of conversations that I think a lot of provosts, CIOs, and CISOs need to hear. The hallway talk between sessions, the candid moments over cof …
PCI DSS Penetration Testing: A Practical Compliance Guide
by Derek Boczenowski on April 30, 2026 at 3:23 PM
Here is a conversation we have more often than we would like to admit. We are on a call with an organization that processes payment cards, and we ask how they are tracking against PCI DSS. The response comes back fast and confident: "Oh, we are good. We have an ASV doing our quarterly …
The SOC 3 Report: Your Most Underutilized Trust Asset
by Jerry Hughes on April 24, 2026 at 2:03 PM
In today's marketplace, trust is currency. Prospects evaluate vendors with increasing scrutiny, procurement teams demand proof of security controls before signing contracts, and buyers at every level want assurance that the organizations handling their data take that responsibility se …
Shadow IT Is Now Shadow SaaS & Shadow AI: A Practical Cleanup Guide
by Donald Mills on April 22, 2026 at 2:45 AM
If you caught yourself searching "what is shadow IT" this week, you are not alone, and you have probably already lived through it. The term used to conjure rogue modems in a closet, a dusty Access database on somebody's C: drive, or a "just for the team" WiFi router plugged in under a …