Regulatory
DORA became applicable in January 2025. This guide covers the ICT risk management framework, incident reporting timelines, TLPT testing, third-party ICT risk, who is in scope, and how a DORA audit supports compliance.
Regulatory
NIS2 significantly expands EU cyber security obligations. Learn about essential vs important entities, 10 minimum security measures, 24h/72h incident reporting, supply chain security, and how an audit supports compliance.
Regulatory
The EU AI Act establishes risk-based obligations for AI systems. This guide covers the risk classification tiers, technical documentation requirements, human oversight, transparency, and the conformity assessment process.
Cybersecurity
Cyber Essentials is the baseline — but many organisations need more. Explore UK national cyber standards, NCSC CAF, ISO 27001, who needs higher assurance, and how the audit process works.
Cybersecurity
Cyber Essentials is mandatory for many UK government suppliers. This guide covers the 5 technical controls, the difference between CE and CE Plus, the Crown Commercial Service requirement, and the certification process.
Cybersecurity
SOC 2 Type II is increasingly required by enterprise customers. This guide covers the 5 Trust Service Criteria, Type I vs Type II, what auditors examine, common gaps, and how a readiness gap analysis accelerates certification.
Data Protection
HITRUST is the de facto assurance standard in US healthcare. Learn about CSF v11, the three assessment types (e1, i1, r2), who needs HITRUST, and how a gap analysis prepares you for the validated assessment.
Data Protection
HIPAA applies to health plans, providers, and their business associates. This guide covers the Privacy Rule, Security Rule, Breach Notification Rule, administrative/physical/technical safeguards, and the audit process.
Data Protection
PIPEDA governs how Canadian businesses handle personal information. This guide covers the 10 fair information principles, consent requirements, cross-border data flows, and who needs a PIPEDA compliance audit.
Data Protection
Brazil's LGPD applies to any organisation processing data of individuals in Brazil. This guide covers the 10 legal bases, DPO requirements, ANPD, international transfers, how it compares to GDPR, and the audit process.
Data Protection
The UAE PDPL is the country's first comprehensive federal data protection law. This guide covers key obligations, cross-border transfers, controller vs processor roles, DIFC/ADGM specifics, and how a compliance audit works.
Data Protection
A practical guide to GDPR compliance audits: lawfulness of processing, DPIAs, data subject rights, transfer mechanisms, breach procedures, who needs an audit, and what penalties apply.
ISO Certification
ISO 27001 is the global standard for information security management. This guide covers ISMS requirements, Annex A controls, Statement of Applicability, risk assessment, and the differences between 2013 and 2022 versions.
ISO Certification
ISO 9001 is the world's most widely adopted quality management standard. This guide covers QMS requirements, the Stage 1 and Stage 2 audit process, surveillance audits, benefits, and who needs certification.
ISO Certification
Both standards are widely adopted, but they serve different purposes. We break down the key differences, overlap, and when you might need both.
ISO Certification
When choosing a certification body, 17021 conformance is the single most important factor. Here's what it means and how to verify it.
ISO Certification
The 2022 revision restructured Annex A controls from 114 to 93, introduced 11 new controls, and modernised the framework for cloud and privacy.
ISO Certification
The Stage 1 audit is your certification body's first look at your management system. Here's exactly what to expect and how to prepare.
ISO Certification
Risk-based thinking replaced preventive action in the 2015 revision. Here's how to implement it without overcomplicating your QMS.
No articles found in this category.