ARTICLES

Security and Compliance from Friendly Rhode Island

Each morning, Nicholas Foisy steers his car into a parking spot outside the offices of Compass IT Compliance. Located in a residential section of North Providence, the small firm has been serving the security and compliance needs of customers for over a decade. The thirty or so team members who work for Compass IT Compliance are mostly from the region, and at least fifty percent of the company’s customers are also New Englanders.

Compass IT Compliance offers personalized professional services for small and medium sized businesses. Their penetration testing, web application scanning, user training, and social engineering protection services position them well to address the cyber security need of their customers. With audit and assessment capabilities for PCI DSS, NIST CSF, and other frameworks, the company also serves the compliance needs of its customer base.

I spent some time recently with Foisy, who manages marketing for the firm. He shared a delightful story of a company that was founded by two men who brought their respective audit and account management backgrounds to the partnership. Ten years later, they have created a vibrant practice with satisfied customers and a managed growth plan that adds new customers and employees on a pace that can be easily absorbed.

From a TAG Cyber perspective, I must be honest: Compass IT Compliance is not the type of company we usually cover in our analysis. We’re usually sharing insights with high-flying cyber security start-ups enjoying millions in Series A from a famous investment house. We are used to seeing hockey stick-shaped revenue projections and staff growth plans. And we usually hear terms like “advanced,” “spectacular,” and “amazing,” during fancy briefings.

I guess this is why I decided to spotlight Compass IT Compliance in this article. They reminded me – and I hope they will remind you all – that the ultimate purpose of a business does not have to be some advanced, spectacular, and amazing IPO or other Big Dollar exit. Rather, a business can be created and operated for the sole delightful purpose of helping customers, and for providing a wonderful place for employees to live, work, and grow.

After speaking with Foisy, I agreed to support their small conference in Rhode Island in September as a speaker. Apparently, they take any excess profits from the event, and donate the money to charity. Now, that is super refreshing, and something I never, ever hear from cyber security companies running speaking events. My norm, instead, involves taking out a second mortgage just to cover a few tickets to that grubby RSA Conference.

Take a moment and check out the Compass IT Compliance website. If you are a small or medium sized business in New England with security or compliance needs, then give Foisy and the team a call. But I hope that not too many of you call. I mean, if Compass IT Compliance gets too powerful, then perhaps they’ll start using words like “advanced,” “spectacular,” and “amazing.” That would be a shame, because I like them as they are.

Let me know what you think.