Search

    GS 007 - What’s involved

    In our first article (GS 007 – The Essentials), we provided an initial overview of GS 007's requirements to help assess whether the framework aligns...
    3 min Read

    The importance of the CSRD Reporting initiative

    Why voluntary CSRD reporting is a smart move in the wake of the EU ESG reporting. As the regulatory landscape in Europe continues to evolve, companies...
    1 min Read

    What is The Corporate Sustainability Reporting Directive?

    What is the CSRD and why was it adopted? The Corporate Sustainability Reporting Directive (CSRD) aims to increase the standard of environmental...
    1 min Read

    Meet Ross Dolbec, VP of Sales, NAMER

    Meet Ross, our VP of Sales, NAMER at AssuranceLab. With an extensive career in sales and partnerships, Ross is ready to take our North American growth...
    2 min Read

    Continuing to celebrate our diversity

    As People & Culture Manager, I am in the most exciting position as I get to welcome so many brilliant new employees to AssuranceLab. A few months ago,...
    1 min Read

    Navigating CPS 230 as a Service Provider

    As the Australian Prudential Regulation Authority (APRA) rolls out Prudential Standard CPS 230 Operational Risk Management (effective 1 July 2025),...
    3 min Read

    Setting up for success - AI in security and compliance

    AI has transformed industries left and right. From automating tasks, analyzing massive datasets, and streamlining complex decision-making. At first...
    2 min Read

    Understanding GS 007

    A quick search for information on the GS 007 audit framework is enough to make your head spin. This article aims to clear some of the confusion by...
    2 min Read

    Reimagining professional services: how we built a new and better way

    When we set out to build AssuranceLab, we weren’t just creating another professional services firm. We wanted to rethink everything—from how we serve...
    3 min Read

    Navigating your ISO 42001 journey: the most common FAQs

    Written by Mi Zhao - Certified ISO 42001 Lead Auditor & Senior Manager and Jack Holmes - Certified ISO 42001 Lead Auditor & Senior Consultant We’ve...
    2 min Read

    HIPAA compliance for startups and SaaS companies

    When it comes to handling sensitive health information, HIPAA compliance isn't just a nice to have; it's a legal necessity. Whether you're a startup...
    2 min Read

    2024 People and Culture year in review

    Take a look back on 2024 at AssuranceLab from our People & Culture Manager Bradley Steinbach
    1 min Read

    Understanding CSA STAR: the gold standard for cloud security

    As businesses increasingly migrate to the cloud, ensuring the security of cloud services has become a top priority. The Cloud Security Alliance (CSA)...
    2 min Read

    Navigating cyber privacy and data protection in Australia

    In Australia, the cyber privacy and data protection landscape consists of several national regulations plus international influences. Understanding...
    2 min Read

    Mastering Pentesting for Security and Audits: A Comprehensive Guide

    We worked with Software Secured to create a blog answering all must-know questions on when to start your penetration test.
    4 min Read

    What to look for when selecting an audit firm in 2025

    This blog gives you a headstart on what to look for when selecting an audit firm by highlighting key factors to consider. By asking the right questions...
    3 min Read

    The TL;DR of SOC 2

    In 2024, the importance of SOC 2 compliance has reached new heights as businesses increasingly rely on third-party service providers to handle...
    3 min Read

    Understanding the global standard for data protection

    In today’s digital age, the protection of personal data has become a critical issue worldwide. At the forefront of this movement is the General Data...
    3 min Read

    CCPA or CPRA: What California's privacy laws mean for you

    If your business operates in California or handles the personal information of California residents, you’ve likely heard of the California Consumer...
    2 min Read

    The acai bowl of compliance

    A fresh take on frameworks. Get your baskets ready, because we’re heading to the fruit market of compliance to see how common frameworks compare to the...
    4 min Read

    The TL;DR of ISO 27001

    ISO 27001, the international standard for Information Security Management Systems (ISMS), has evolved significantly over the years to address the...
    3 min Read

    Key HIPAA terms and definitions

    Ensuring that patient information is safeguarded and personal health data remains confidential is a priority for all healthcare companies. HIPAA...
    2 min Read

    HIPAA compliance: how to get started

    In this article, we outline the key things needed to get you started, as well as how AssuranceLab can help you on this journey. If you're still unsure...
    1 min Read

    The #1 regret startups have about compliance

    Insights from Eden Data’s survey of high-growth organizations.
    2 min Read

    Empowering Australia’s leading tech companies

    In the fast-paced tech industry, achieving compliance isn’t just a checkbox exercise—it’s the foundation for scaling globally. For premium technology...
    2 min Read

    The evolution of compliance frameworks

    It’s no secret that the compliance landscape is constantly evolving, with frameworks following a similar suit. What we once knew about frameworks like...
    1 min Read

    Everything we knew about SOC 2 was wrong

    After 15 years of working with SOC 2 for clients around the world, we needed to issue our own SOC 2 reports for AssuranceLab. It was brutal. And it...
    3 min Read

    Introducing ISO 42001 - an update to the AssuranceLab GRC City

    Written by Mi Zhao - Certified ISO 42001 Lead Auditor & Senior Manager and Jack Holmes - Certified ISO 42001 Lead Auditor & Senior Consultant With over...
    2 min Read

    Mental health awareness in the workplace

    "Mental Health awareness in the workplace has been a topic gaining more and more exposure over the past few years and something that I feel passionate...
    3 min Read

    The power of using compliance metadata

    Compliance metadata is not merely data—it's the universal data that underpins trust and compliance.
    1 min Read

    Collaboration vs competition in an ever-changing compliance landscape

    In this blog, we look at the differences in collaboration and competition, and how businesses can use both to establish a competitive advantage.
    1 min Read

    Myths of the ISO 27001 standard

    Common myths, misunderstandings and misconceptions of the ISO 27001 standard
    2 min Read

    The Rise of Environmental, Social and Governance Reporting

    Written by Gemma Weedon and Nick Dowdeswell In this article, we break down the ESG basics and highlight what this looks like in practice for businesses...
    3 min Read

    The journey towards 50 incredible team members

    This year we celebrated a huge milestone - hiring our 50th team member.
    2 min Read

    Bridging the Gap Across the Trust Triangle

    Although they share a common goal, the three parties involved in the audit process often have different methods to get there. This disconnect can lead...
    2 min Read

    Life as a manager is just a day at the zoo!

    In the middle of April, Sydney Harbour witnessed a very rare sight – a pod of Orcas! No, they weren’t actual Orcas, but instead, eight very keen...
    2 min Read

    Navigating the Three-Sided Path to Trust and Compliance

    When businesses look to achieve compliance and build trust, a three-sided relationship between the business entity, advisors and audits occurs. This...
    2 min Read

    World Book and Copywriting Day 2024

    To celebrate World Book and Copywriting Day 2024, we asked the team to share what they are currently reading and what they love about it! This could be...
    2 min Read

    Maintaining company culture in a remote work environment

    A positive company culture is important in any workplace and aids in the well-being of employees and the business. It is unique to each company but is...
    3 min Read

    Fundamentals of change management: The change review and approval process

    In this part of our change management blog series, we look at the change review and approval process. These are essential parts of development in the...
    3 min Read

    Understanding the different ISO standards

    Are you confused by the 22,000+ variations of the letters and numbers of the International Organisation for Standardisation (ISO) Standards? Let’s...
    3 min Read

    Meet Bradley Steinbach, our People and Culture Manager

    Meet Bradley, our People and Culture Manager here at AssuranceLab. With an impressive career working in tech startups (even placing a few of our team...
    2 min Read

    Fundamentals of Change Management

    The change management process is a critical part of the knowledge and processes in completing a SOC 2 audit. It encompasses information handling around...
    2 min Read

    Talking with Ducks: Embracing AssuranceLab's Values

    Picture this: It's just another day at AssuranceLab - Slack huddles, focus time blocks, calendars with check-ins, client commitments and hard work. Mat...
    3 min Read

    Effective Risk Management Process

    Risk management is a structured and planned approach to identifying, evaluating, prioritising, and mitigating any risks that could threaten the goals...
    3 min Read

    The Cycle of Trust: From Public Concerns to Industry Adoption

    In this third instalment of our trust blog series, we delve into the balance between public concerns, regulatory frameworks and industry adoption that...
    3 min Read

    Embracing Growth and Leading the Way: Our Unforgettable Offsite

    Our offsite in Cronulla, Sydney, was an incredible way to finish a year of growth and success for our expanding team! Months of planning culminated in...
    1 min Read

    Effective Vendor Management Process

    Third-party vendors have a critical role in improving an organisation's operational efficiency and capabilities. Organisations can focus on their core...
    3 min Read

    The Future of Trust: How Compliance Paves the Path Forward

    In a world fuelled by rapid advancements in technology, global interconnectivity, and evolving societal norms, trust is the bedrock that supports...
    2 min Read

    3 Ways to Improve Employee Engagement

    In this article, we'll explore the vital link between employee experience and engagement, while providing some simple yet necessary ways to help ensure...
    2 min Read

    Effectively managing incidents

    A security incident can be defined as an occurrence that actually or imminently jeopardises, without lawful authority, the confidentiality, integrity,...
    3 min Read

    Unlocking Trust through Compliance Metadata

    In this post, we introduce Pillar: a trailblazing solution that uses Compliance Metadata to strengthen the 'Trust Triangle' and revolutionize the way...
    3 min Read

    Protecting assets from vulnerabilities

    In today's digital world, the security of your organisation's digital assets is critical. An effective vulnerability management program is an essential...
    3 min Read

    19 book & podcast recommendations from our team

    We recently celebrated the milestone of crossing 30 team members (now 31) happily working away from six countries, so we circulated a quick survey to...
    3 min Read

    How to prepare for ISO 27001 Stage 2 audit after completing Stage 1

    The ISO 27001 certification process is divided into two stages: Stage 1 audit and Stage 2 audit. Following the completion of the Stage 1 audit, the...
    3 min Read

    Meet Mat Camp, Pillar’s new Head of Product

    In our continued pursuit to trailblaze in the audit world, we’ve recently onboarded a seasoned B2B product leader as part of Team Pillar; to power the...
    3 min Read

    Some audits are just bearable, here are 7 ways we make them lovable

    We had some feedback from a client recently saying, “...at times we forgot an audit was even happening!” If that’s not the goal in modern audit service...
    3 min Read

    Our growing list of supported compliance accreditations

    We offer 30+ standards, as a CA and CPA firm, Certified CSA STAR Auditor, and a certification body for the ISO family of standards. Check out the full...
    4 min Read

    Essential Steps and Requirements for SOC 2 Compliance

    SOC 2 reports are independent assessments conducted by certified public accounting firms or other qualified auditors. These reports provide a level of...
    2 min Read

    Hear from our team on some recent audit engagements

    At AssuranceLab, we love helping our visionary clients achieve their compliance goals, and celebrating their wins with them!
    3 min Read

    Our alliance with Drata

    The audit and compliance ecosystem has become a jungle of varying compliance platform and audit firm alliances. Our alliance with Drata unlocks great...
    7 min Read

    The three parts to a compliance program

    We see vastly different parts making up the compliance programs in our clients, but they ALL include three key components.
    2 min Read

    The story behind continuous audit: Why we're doing it

    Continuous audit has been talked about for over 10 years. From the start of my career, I remember it talked about as a concept, that made a lot of...
    3 min Read

    Access reviews simplified

    Access reviews shouldn't take hundreds of thousands of hours. If they do, it's time to look at a better risk-based approach.
    6 min Read

    Our SOC 2 and what it means

    In November 2022, we released our SOC 2 Type I report to demonstrate our commitment to securing our clients sensitive information assets.
    4 min Read

    The overlap of APRA and global standards

    When you're a licensed financial service provider in Australia, or even just selling your software/services to those providers, APRA regulations come...
    4 min Read

    The timeline, steps, and what’s involved for SOC 2 and other attestations

    Audit requirements, steps involved and associated timelines are steps that go hand in hand. We often hear claims in the market that it will take you...
    3 min Read

    Comparing SOC 2 and ISO 27001 in practice

    The two most common globally recognised, cross-industry, information security standards, are SOC 2 and ISO 27001. Despite about 80% overlap in what...
    4 min Read

    The Compliance Pandemic

    As the COVID-19 pandemic captured the headlines; another, less visible pandemic was playing out. The compliance pandemic.
    3 min Read

    How we're different: Our 10 value props

    Our software and audit services combination has been iterated and refined over the last four years. There's 10 key value differentiators in our...
    3 min Read

    SOC 1: Defining the Objectives

    SOC 1 is a standard that can be confusing; why would the company get to define its own criteria, or “control objectives”, for achieving the SOC 1...
    3 min Read

    Our ESG Framework for Reporting

    There are lots of ESG standards out there, so why did we create our own?
    5 min Read

    10 Compliance Standards to Consider

    When starting on your compliance journey, you might start by asking "which compliance standard is best for us?" But once you explore the realm of...
    6 min Read

    Cutting Through the Complexity of ISO 27001

    Often considered the preeminent information security standard, ISO 27001 is becoming an increasingly popular certification. Upon first look, it is a...
    2 min Read

    What to expect in the ACCC accreditation process?

    Many of our clients push hard and fast to achieve compliance, complete their audit, and submit their CDR application to the ACCC to get accredited....
    3 min Read

    A practical guide to endpoint device controls and BYOD

    Bring-your-own-device is a common policy for startups. You may want to save costs, reduce waste/duplication, and/or give their people more flexibility...
    3 min Read

    When is the right time to implement a HRIS?

    A human resources information system (HRIS) can be a huge boost to startups and compliance programs. But when is the right time to implement one?
    3 min Read

    What’s the difference between security, privacy and confidentiality?

    Data security, privacy and confidentiality have always co-existed as important topics in their own right and as related concepts. The average person...
    3 min Read

    Five easy steps to implement polices that fit

    Documenting policies has always been a major pain point of companies working towards compliance. It can be a lot of work!
    3 min Read

    The Definitive Guide to GDPR

    If you’ve customers or users in Europe, you probably know of GDPR. It’s that thing, that’s significant, with potential fines, and that your enterprise...
    3 min Read

    Audit ready in minutes: here’s how agile audits work

    Preparing for audits and compliance with standards like SOC 2 and ISO 27001, used to be an activity that took several months. That could be shortened...
    3 min Read

    Blending standards: why it's the new and better way

    There’s a lot of overlap between compliance standards, and often multiple are needed. So blending them together makes a lot of sense! How does that...
    4 min Read

    Generic vs. tailored audits: what’s the difference?

    Generic audits, also referred to as bundled audits, platform-trained auditors, out-of-the-box or pre-built control sets, are an approach to audits...
    4 min Read

    HIPAA Compliance three ways

    HIPAA is a healthcare data protection regulation; that’s mandatory to comply with and has optional attestations to satisfy enterprise customers.
    2 min Read

    CSA STAR: What you need to know

    Cloud Security Alliance covers modern cloud security practices to address a broad set of expectations and requirements of your enterprise customers.
    3 min Read

    SOC 2 + Options

    SOC 2 + is growing in popularity to combine a commonly accepted information security standard with other specific requirements.
    3 min Read

    Software for Compliance

    What's the best way to leverage software for your compliance? This is the hot topic that's shaping the compliance industry.
    3 min Read

    Becoming a Certified B-Corp

    We’ve had a few questions about our B-Corp certification; why do it? How does it work? What does it actually involve? 🙋‍♀️
    4 min Read

    Is unrestricted CDR accreditation the best path? 5 reasons it might be

    There are now five ways to use Consumer Data Right data; unrestricted, sponsored, operating as a representative or trusted advisor, or using CDR...
    2 min Read

    The Latest Updates to the Consumer Data Right Rules (Version 3)

    There are now five access models for CDR data, after previously only the unrestricted accreditation model.
    5 min Read

    The boundary of your CDR Data Environment

    Defining the boundary of your CDR Data Environment is an important early step in your pursuit of CDR accreditation. Why?
    3 min Read

    The five reasons startups go for security certifications

    Security and compliance qualifications, like SOC 2 and ISO 27001, demonstrate that you apply good practices in your business.
    3 min Read

    Practical tips from six successful compliance projects

    Our clients have worked through the daunting and challenging task of achieving compliance with global security standards like SOC 2 and ISO 27001.
    4 min Read

    Google CDR Security

    Google's Cloud Platform and Workspace provide a comprehensive suite of products, settings, and user guides for achieving the CDR accreditation.
    2 min Read

    Managing Controls: Continuous

    Continuous controls are systematic or design functions that once implemented, continuously apply in practice.
    3 min Read

    InfoSec Automation: The Definitive Guide

    The topical focus in InfoSec compliance and assurance standards, is automation. How do you implement your control practices in a systematic way that...
    3 min Read

    Auditor selection checklist: 10 things to consider

    When selecting an audit provider there are 10 important things to consider that aren’t obvious to those that haven't been through audits before.
    4 min Read

    Managing Controls: Periodic

    Periodic controls are the meetings, reviews and other activities that are performed at regular intervals.
    3 min Read

    Managing Controls: Event-Based

    Event-based controls are performed in conjunction with ad-hoc events that occur; new employees, incidents, and change releases, for example.
    4 min Read

    Straight to SOC 2 Type 2

    While we recommend a Type 1 prior to Type 2, we've conceded straight to Type 2 is a growing preference. Our focus has shifted to how we can enable it!
    4 min Read
    All posts