Compass IT Compliance Blog / IT Audit (2)

IT Audit: Because you know I'm all about that Scope, 'bout that scope.

The term IT Audit is so often used and misused by IT and business professionals in all industries. According to Wikipedia, IT Audit is defined as, “an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence deter …

SSAE 16 SOC 2 Report: The 5 Trust Principles

Over the past several weeks, we have been digging into the SSAE 16 SOC 2 reports. We have looked at what a SOC 2 report is, the differences between a Type I and Type II report, and why the Section III is so important. This week we are going to look at what are called the 5 Trust Serv …

AT 101 SOC 2 Report: What is a Section III?

In the last couple of posts, we talked about how an AT 101 SOC 2 report differs from a SOC 1 and SOC 3 report and also what the differences are between a SOC 2 Type I and Type II report. In this post, we are going to continue dissecting the different terminology and components of the …

SSAE 16 SOC 2: Differences Between Type I and Type II Reports

One of the challenges that we have when it comes to consulting with our clients on SSAE 16 is the confusion that comes with the different reports and types of reports. In last week's blog post, we outlined what the key differences are between a SOC 1, SOC 2, and a SOC 3 report. This we …

SSAE 16 SOC 2 Reports: How Are They Different From Other SOC Reports?

Fact: More and more organizations are outsourcing business functions to third-party providers so they can concentrate on their core business functions, reduce headcount, and ultimately save money. A great example of this is what is called Business Process Outsourcing (BPO) where compa …

IT Risk Assessment and the SANS Top 20 - Part IV

I know, I know. Before you even say it, they are called the Center for Internet Security Critical Security Controls, not the SANS Top 20 anymore. But, everyone knows them as the SANS Top 20 and oftentimes still refers to them by this name which is why I stuck with it for the final pa …
