GDPR Article 32 in practice: which security controls actually satisfy it
Article 32 names encryption and resilience but refuses to give you a checklist. Here is how regulators read it after a breach, and which ISO 27001 and CIS controls map to each clause.
Mapping ISO 27001 to SOC 2: what actually overlaps, and where teams get burned
A practitioner's view of the ISO 27001 Annex A to SOC 2 Trust Services Criteria mapping. The real overlap, the parts that don't map, and the evidence mistakes that cost you a second audit.
NIS2 vs DORA: which one applies to you, and how to avoid building two programs
Scope, incident reporting timelines, and the lex specialis rule that decides whether a financial entity follows DORA or NIS2. Plus how both map onto ISO 27001 so you run one control set.