.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
CIS or NIST CSF? Choosing the Right Cybersecurity Framework (Or Both)
by Kelly O’Brien on July 24, 2025 at 1:00 PM
The Center for Internet Security (CIS) Critical Security Controls are a prioritized set of best practices designed to help organizations defend against common cyber threats. Version 8.0, released in 2021, introduced major changes to better reflect modern IT environments, including sup …
Rethinking SOC 2 Audits with Purpose-Built Platforms
by Rachel Hughes on July 21, 2025 at 2:38 PM
SOC 2 audits are a crucial part of demonstrating an organization’s commitment to data security and trust. They provide assurance to customers, partners, and regulators that your systems are appropriately controlled and monitored. But despite their value, SOC 2 audits are often viewed …
What Are the Key Steps in Preparing for a SOC 2 Readiness Assessment?
by Rachel Hughes on July 15, 2025 at 10:51 AM
Achieving SOC 2 compliance is a major milestone for organizations that handle sensitive customer data—especially in the SaaS, IT services, and cloud-hosting spaces. At first glance, preparing for a readiness assessment might seem redundant. After all, it’s meant to be the step that he …
HIPAA Compliance in 2025: What’s Changing & Why It Matters
by Kelly O’Brien on July 10, 2025 at 2:22 PM
Healthcare privacy is evolving rapidly, and 2025 is poised to be a year of significant developments. From how artificial intelligence is handled to increased scrutiny around reproductive health data, the boundaries of HIPAA compliance are expanding. This blog post highlights the most …
The SOC for Cybersecurity Report: A Complete Guide
by Derek Boczenowski on June 26, 2025 at 10:53 AM
In a business environment where cyber threats are constant and trust is currency, organizations need a way to clearly demonstrate the strength of their cybersecurity programs. While many have turned to frameworks like SOC 2 for this purpose, there’s a growing recognition that these tr …
Reporting Your DoD Self Assessment (SPRS) Score: What to Know
by Kelly O’Brien on June 10, 2025 at 2:59 PM
If you contract with the Department of Defense (DoD)—directly or indirectly—you’re likely required to report a cybersecurity self-assessment score to the Supplier Performance Risk System (SPRS). SPRS is a web-based system used by the DoD to track and assess contractor performance and …