.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
New Year, New AI Rules: What Healthcare Organizations Need to Do Now
by Bryan Chnowski on January 16, 2026 at 3:08 PM
Several new state laws took effect on January 1, 2026, that directly govern how artificial intelligence is used and disclosed in healthcare settings. States are moving faster than federal lawmakers, and they are placing practical requirements on organizations that develop, deploy, or …
How Often Are Internal Audits Conducted?
by Kelly O’Brien on November 25, 2025 at 4:44 PM
Internal audits play a vital role in keeping an organization running smoothly. They help leadership confirm that processes are working as intended, risks are being managed, and regulatory obligations are being met. Despite their importance, one of the most common questions companies a …
CMMC False Claims Act Raises Compliance Stakes for DoD Firms
by Derek Boczenowski on November 17, 2025 at 1:14 PM
Cybersecurity compliance for Defense Industrial Base (DIB) organizations has never been purely technical, but the stakes have now escalated into a very real legal and financial risk. With the Department of Defense’s final CMMC rule taking effect on November 10, 2025, and the Departmen …
CMMC Final Rule Compliance: A Guide for Defense Contractors
by Justin Leach on November 12, 2025 at 3:17 PM
Since its publication nearly two months ago, the Cybersecurity Maturity Model Certification (CMMC) Final Rule has moved from anticipation to implementation. For defense contractors, compliance is no longer theoretical. The rule is now shaping how the Department of Defense (DoD) manage …
Juggling SOC 2 & ISO 27001: Building a Unified Compliance Plan
by Derek Boczenowski on September 25, 2025 at 1:00 PM
For growing organizations, SOC 2 and ISO 27001 are no longer optional — they’ve become baseline expectations from customers, partners, and regulators. Both frameworks help you prove that you are serious about protecting sensitive data, but pursuing them separately can feel like runnin …
CIS or NIST CSF? Choosing the Right Cybersecurity Framework (Or Both)
by Kelly O’Brien on July 24, 2025 at 1:00 PM
The Center for Internet Security (CIS) Critical Security Controls are a prioritized set of best practices designed to help organizations defend against common cyber threats. Version 8.0, released in 2021, introduced major changes to better reflect modern IT environments, including sup …