.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Your SOC 2 Remediation Roadmap: Turning Exceptions into Progress
by Rachel Hughes on January 30, 2026 at 11:52 AM
Your SOC 2 audit report just landed on your desk, and you've spotted exceptions. Before the panic sets in, take a breath. Finding exceptions in your SOC 2 audit doesn't signal impending disaster or business failure. In fact, exceptions happen even to well-managed, security-conscious o …
New Year, New AI Rules: What Healthcare Organizations Need to Do Now
by Bryan Chnowski on January 16, 2026 at 3:08 PM
Several new state laws took effect on January 1, 2026, that directly govern how artificial intelligence is used and disclosed in healthcare settings. States are moving faster than federal lawmakers, and they are placing practical requirements on organizations that develop, deploy, or …
How Often Are Internal Audits Conducted?
by Kelly O’Brien on November 25, 2025 at 4:44 PM
Internal audits play a vital role in keeping an organization running smoothly. They help leadership confirm that processes are working as intended, risks are being managed, and regulatory obligations are being met. Despite their importance, one of the most common questions companies a …
CMMC False Claims Act Raises Compliance Stakes for DoD Firms
by Derek Boczenowski on November 17, 2025 at 1:14 PM
Cybersecurity compliance for Defense Industrial Base (DIB) organizations has never been purely technical, but the stakes have now escalated into a very real legal and financial risk. With the Department of Defense’s final CMMC rule taking effect on November 10, 2025, and the Departmen …
CMMC Final Rule Compliance: A Guide for Defense Contractors
by Justin Leach on November 12, 2025 at 3:17 PM
Since its publication nearly two months ago, the Cybersecurity Maturity Model Certification (CMMC) Final Rule has moved from anticipation to implementation. For defense contractors, compliance is no longer theoretical. The rule is now shaping how the Department of Defense (DoD) manage …
Juggling SOC 2 & ISO 27001: Building a Unified Compliance Plan
by Derek Boczenowski on September 25, 2025 at 1:00 PM
For growing organizations, SOC 2 and ISO 27001 are no longer optional — they’ve become baseline expectations from customers, partners, and regulators. Both frameworks help you prove that you are serious about protecting sensitive data, but pursuing them separately can feel like runnin …