.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
PCI Compliance for Small Business: A QSA's Field Guide to PCI DSS
by Derek Boczenowski on May 14, 2026 at 3:32 PM
If you run a small business that accepts credit cards, the words "PCI compliance" probably land somewhere between mildly stressful and outright intimidating. I get it. I have spent years walking small merchants through the Payment Card Industry Data Security Standard (PCI DSS), and th …
Canvas Breach: What It Means for Schools & FERPA Compliance
by Jesse Roberts on May 8, 2026 at 1:32 PM
When the Canvas login page was replaced with a ransom note on the morning of May 7, 2026, it did not look like a typical edtech outage. Students at Harvard, the University of Michigan, Duke, the University of Maryland, and thousands of other institutions opened their laptops in the mi …
How to Become a vCISO: The Skills That Set Great Ones Apart
by Jeffrey Torrance on May 6, 2026 at 4:30 PM
At Compass IT Compliance, we run one of the more established virtual CISO practices in the country. That vantage point has given us a clear view of the capabilities that consistently define the strongest vCISOs working in the field today. The skills are not always the ones aspiring vC …
CMMC Assessments in Higher Education: What Campus Leaders Are Saying
by Alexander Magid on May 5, 2026 at 3:33 PM
I just got back from the EDUCAUSE Cybersecurity and Privacy Professionals Conference in Anaheim last week, and I came home with a notebook full of conversations that I think a lot of provosts, CIOs, and CISOs need to hear. The hallway talk between sessions, the candid moments over cof …
PCI DSS Penetration Testing: A Practical Compliance Guide
by Derek Boczenowski on April 30, 2026 at 3:23 PM
Here is a conversation we have more often than we would like to admit. We are on a call with an organization that processes payment cards, and we ask how they are tracking against PCI DSS. The response comes back fast and confident: "Oh, we are good. We have an ASV doing our quarterly …
The SOC 3 Report: Your Most Underutilized Trust Asset
by Jerry Hughes on April 24, 2026 at 2:03 PM
In today's marketplace, trust is currency. Prospects evaluate vendors with increasing scrutiny, procurement teams demand proof of security controls before signing contracts, and buyers at every level want assurance that the organizations handling their data take that responsibility se …