.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Replacing the FFIEC CAT with NIST CSF 2.0
by Jerry Hughes on April 18, 2025 at 11:26 AM
After nearly a decade of use, the Federal Financial Institutions Examination Council (FFIEC) is officially retiring its Cybersecurity Assessment Tool (CAT) on August 31, 2025. Originally released in 2015, the CAT served as a foundational tool for financial institutions—especially bank …
Subcontractor Survival: Meeting Prime Contractor CMMC Requirements
by William DePalma on April 17, 2025 at 1:53 PM
The cybersecurity landscape for the defense industrial base (DIB) has shifted. With the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) 2.0 moving swiftly toward full enforcement, subcontractors are finding themselves under growing pressure — not only f …
Selecting Your SOC 2 Type 2 Observation Period
by Bernard Gallagher on April 11, 2025 at 10:30 AM
Preparing for your first SOC 2 Type 2 audit—or planning your next—requires careful selection of a critical component: the observation period. This timeframe, also known as the monitoring period, audit period, or review window, defines when your organization's controls will be evaluate …
Insights from Presenting at URMIA Northeast Regional Conference
by Alexander Magid on April 9, 2025 at 10:00 AM
Last week, I had the opportunity to speak at the URMIA (University Risk Management and Insurance Association) Northeast Regional Conference in Norwood, MA. It was a fantastic event with an incredibly engaged audience—and it gave me the chance to share the stage with David Marion, Dire …
How Long Does a SOC 2 Audit Take to Complete?
by Bernard Gallagher on April 4, 2025 at 9:44 AM
At Compass, we frequently get asked, “How long does a SOC 2 audit take?” The answer depends on several factors—but having a clear understanding of the typical phases, timelines, and what influences the duration can help your organization prepare and plan accordingly.
7 Ways to Reduce Your PCI DSS Compliance Scope
by Kyle Daun on April 2, 2025 at 1:30 PM
For businesses handling payment card transactions, achieving and maintaining PCI DSS (Payment Card Industry Data Security Standard) compliance is essential. However, the journey to compliance can often be expensive and complex. One of the most effective ways to reduce both the financi …