.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Understanding SOC 2 Compliance & Vendor Management
by William DePalma on January 24, 2025 at 11:59 AM
SOC 2 (System and Organization Controls 2) is a trusted auditing standard developed by the American Institute of Certified Public Accountants (AICPA). It assesses an organization’s information systems against the Trust Services Criteria (TSC): security, availability, processing integr …
Understanding DoD Impact Levels for Cloud Security
by Jake Dwares on January 15, 2025 at 12:59 PM
The security of information is a cornerstone of the Department of Defense's (DoD) operations. To safeguard sensitive data, the DoD has developed Impact Levels (ILs), a framework that categorizes information systems based on their sensitivity and the potential impact of a compromise. T …
SAS 145 and IT General Controls: What Organizations Need to Know
by Bernard Gallagher on January 13, 2025 at 2:30 PM
The release of SAS 145 (Statement on Auditing Standards No. 145) represents a significant shift in how auditors evaluate and respond to the risks of material misstatements, particularly in complex IT environments. As IT General Controls (ITGCs) underpin key financial processes and rep …
Leveraging a Virtual CISO (vCISO) for SOC 2 Compliance
by Jeffrey Torrance on January 10, 2025 at 1:00 PM
In the rapidly evolving landscape of cybersecurity and data privacy, achieving and maintaining compliance with industry standards like SOC 2 is critical for businesses of all sizes. However, this process can be daunting, especially for organizations lacking the internal expertise or r …
What is TISAX Assessment Level 2.5 (AL 2.5)?
by CJ Hurd on January 8, 2025 at 2:21 PM
In the realm of automotive and industrial information security, TISAX (Trusted Information Security Assessment Exchange) plays a vital role in standardizing security assessments among partners and suppliers. One of its unique features is the concept of assessment levels, which determi …
Do SOC 2 Auditors Read and Review Code?
by Bernard Gallagher on December 26, 2024 at 1:04 PM
For organizations pursuing SOC 2 compliance, understanding the scope and focus of the audit process is crucial. A common question that arises is whether auditors review source code as part of the SOC 2 audit. Having clarity on this topic is essential, and organizations can benefit fro …