Subservice Organizations in SOC Reports: Carve-Out vs. Inclusive Method
by Rachel Hughes on June 9, 2026 at 4:33 PM
When a service organization relies on another vendor to perform part of its service, that vendor relationship doesn’t disappear from the SOC audit. Think of a payroll processor using a third-party data center, for example, or a SaaS company built on a major cloud infrastructure provid …
Does SOC 2 Reduce Security Questionnaires, or Just Change Them?
by Derek Boczenowski on May 28, 2026 at 11:00 AM
Every B2B vendor chasing enterprise deals eventually asks the same thing. We are pouring real money and real calendar time into a SOC 2 Type 2 report, so will it actually reduce the security questionnaires we get buried under, or will buyers just keep sending them anyway?
Third Party Administrator (TPA) Risks: IT Security & Compliance Guide
by Kyle Daun on May 27, 2026 at 4:05 PM
If your organization handles sensitive data and outsources any operational work, there is a good chance a Third Party Administrator (TPA) is somewhere in your environment. Maybe they process claims for your self-funded health plan. Maybe they handle 401(k) recordkeeping. Maybe they ar …
When Vendors Get Hacked: Your Guide to Third-Party Data Breaches
by Derek Boczenowski on December 3, 2025 at 3:03 PM
In today's interconnected business ecosystem, organizations rely heavily on third-party vendors for everything from payroll and marketing to cloud hosting, customer support, and specialized financial-services processing. While these partnerships unlock efficiency and innovation, they …
Why Holiday Peak Readiness Depends on Strong SOC 2 Compliance
by Jerry Hughes on November 26, 2025 at 12:00 PM
Black Friday is no longer a single day of crowded stores and doorbuster sales. It has become a long digital stretch that can determine the financial outcome of an entire year for many retailers. For some online merchants, the holiday shopping season represents up to a third of their a …
Managing Vendor Risk Without a Dedicated Team
by Donald Mills on September 23, 2025 at 2:00 PM
High-profile breaches have shown that attackers often take the path of least resistance—and that path is frequently through a third party. The 2013 Target breach is the textbook example: attackers used a compromised HVAC vendor to access Target’s network, leading to a massive payment …
.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp)
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp)


%20Risks%20IT%20Security%20%26%20Compliance%20Guide.jpg)
.jpg)

