.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Juggling SOC 2 & ISO 27001: Building a Unified Compliance Plan
by Derek Boczenowski on September 25, 2025 at 1:00 PM
For growing organizations, SOC 2 and ISO 27001 are no longer optional — they’ve become baseline expectations from customers, partners, and regulators. Both frameworks help you prove that you are serious about protecting sensitive data, but pursuing them separately can feel like runnin …
Steps to Prepare Your SOC 2 Compliance Documentation
by Jerry Hughes on August 26, 2025 at 1:42 PM
When it comes to vetting critical third-party service providers to work with, organizations need assurance that these companies have appropriate controls in place to securely execute the services they were contracted to perform. This is where the SOC 2 audit comes in. Few certificatio …
What to Look for When Choosing a SOC 2 Audit Firm
by Derek Boczenowski on May 23, 2024 at 9:30 AM
Selecting a SOC 2 auditor can be challenging for many business leaders. This significant financial commitment demonstrates your dedication to data security to your business partners and customers. With numerous audit firms vying for your SOC 2 business, what criteria should you consid …
SOC 1 vs SOC 2 Reports - What's the Difference?
by CJ Hurd on September 1, 2023 at 3:00 PM
As the landscape of modern business shifts, one thing becomes clearer: outsourcing is not just a fleeting trend, but a strategic move adopted by companies across industries. With this increasing reliance on third-party services, there emerges an unprecedented need for more rigorous me …
Center for Internet Security (CIS) Controls V8 – What's New?
by Jeffrey Torrance on August 5, 2021 at 4:00 PM
With the advent of the novel Coronavirus and the subsequent lockdowns, companies were forced to innovate on how and where they did work. The workforce shifted from the familiar physical and logical boundaries of corporate offices to home offices that provided greater flexibility but a …
The Difference Between IT Risk Assessments and IT Audits
by Patrick Hughes on July 7, 2021 at 1:00 PM
While information technology (IT) risk assessments and information technology (IT) audits go hand in hand with one another, the two terms are often misused. There are quite a few key differences to note when it comes to IT risk assessments and IT audits and determining which is best f …