.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
How to Reduce CMMC Scope: A Practical Guide for Defense Contractors
by Jake Dwares on May 15, 2026 at 4:37 PM
For defense contractors preparing for Cybersecurity Maturity Model Certification (CMMC), scope is the single biggest lever you have over cost, timeline, and audit complexity. The smaller and more clearly defined your scope, the fewer systems your assessor has to evaluate, the fewer co …
The Gap Between Compliant & Secure Is Where Breaches Live
by Donald Mills on March 4, 2026 at 2:43 PM
There's a conversation happening in boardrooms, IT departments, and leadership meetings across every industry right now, and it usually starts the same way: "Are we compliant?"
What the SEC Wants to See in Your 10-K Cybersecurity Disclosure
by CJ Hurd on March 2, 2026 at 2:00 PM
If you follow publicly traded companies closely, you may have noticed something tucked into their annual reports over the past few years that wasn't always there before: a section called "Item 1C – Cybersecurity." For investors, compliance professionals, and business leaders alike, th …
What to Expect When Working with an IT Compliance Partner
by Nicholas Foisy on February 18, 2026 at 4:20 PM
Bringing on an IT compliance partner is a significant decision, one that often comes with as many questions as it does relief. Whether your organization has just experienced a security incident, is preparing for an audit, or has simply reached a point where internal resources can no l …
HIPAA Updates 2026: What Healthcare Organizations Must Know
by Kelly O’Brien on February 11, 2026 at 5:13 PM
The healthcare industry is heading into one of its most significant regulatory shifts in over a decade. With proposed changes to both the HIPAA Security Rule and Privacy Rule expected to be finalized in 2026, organizations that handle electronic protected health information (ePHI) nee …
SOC 2 Remediation Roadmap: Turn Exceptions Into Progress
by Rachel Hughes on January 30, 2026 at 11:52 AM
Your SOC 2 audit report just landed on your desk, and you've spotted exceptions. Before the panic sets in, take a breath. Finding exceptions in your SOC 2 audit doesn't signal impending disaster or business failure. In fact, exceptions happen even to well-managed, security-conscious o …