Search

    Setting up for success - AI in security and compliance

    AI has transformed industries left and right. From automating tasks, analyzing massive datasets, and streamlining complex decision-making. At first...
    2 min Read

    Mastering Pentesting for Security and Audits: A Comprehensive Guide

    We worked with Software Secured to create a blog answering all must-know questions on when to start your penetration test.
    4 min Read

    What to look for when selecting an audit firm in 2025

    This blog gives you a headstart on what to look for when selecting an audit firm by highlighting key factors to consider. By asking the right questions...
    3 min Read

    The evolution of compliance frameworks

    It’s no secret that the compliance landscape is constantly evolving, with frameworks following a similar suit. What we once knew about frameworks like...
    1 min Read

    The power of using compliance metadata

    Compliance metadata is not merely data—it's the universal data that underpins trust and compliance.
    1 min Read

    Collaboration vs competition in an ever-changing compliance landscape

    In this blog, we look at the differences in collaboration and competition, and how businesses can use both to establish a competitive advantage.
    1 min Read

    Bridging the Gap Across the Trust Triangle

    Although they share a common goal, the three parties involved in the audit process often have different methods to get there. This disconnect can lead...
    2 min Read

    Fundamentals of change management: The change review and approval process

    In this part of our change management blog series, we look at the change review and approval process. These are essential parts of development in the...
    3 min Read

    Fundamentals of Change Management

    The change management process is a critical part of the knowledge and processes in completing a SOC 2 audit. It encompasses information handling around...
    2 min Read

    Effective Risk Management Process

    Risk management is a structured and planned approach to identifying, evaluating, prioritising, and mitigating any risks that could threaten the goals...
    3 min Read

    The Cycle of Trust: From Public Concerns to Industry Adoption

    In this third instalment of our trust blog series, we delve into the balance between public concerns, regulatory frameworks and industry adoption that...
    3 min Read

    Effective Vendor Management Process

    Third-party vendors have a critical role in improving an organisation's operational efficiency and capabilities. Organisations can focus on their core...
    3 min Read

    The Future of Trust: How Compliance Paves the Path Forward

    In a world fuelled by rapid advancements in technology, global interconnectivity, and evolving societal norms, trust is the bedrock that supports...
    2 min Read

    Effectively managing incidents

    A security incident can be defined as an occurrence that actually or imminently jeopardises, without lawful authority, the confidentiality, integrity,...
    3 min Read

    Unlocking Trust through Compliance Metadata

    In this post, we introduce Pillar: a trailblazing solution that uses Compliance Metadata to strengthen the 'Trust Triangle' and revolutionize the way...
    3 min Read

    Protecting assets from vulnerabilities

    In today's digital world, the security of your organisation's digital assets is critical. An effective vulnerability management program is an essential...
    3 min Read

    The three parts to a compliance program

    We see vastly different parts making up the compliance programs in our clients, but they ALL include three key components.
    2 min Read

    The story behind continuous audit: Why we're doing it

    Continuous audit has been talked about for over 10 years. From the start of my career, I remember it talked about as a concept, that made a lot of...
    3 min Read

    Access reviews simplified

    Access reviews shouldn't take hundreds of thousands of hours. If they do, it's time to look at a better risk-based approach.
    6 min Read

    The overlap of APRA and global standards

    When you're a licensed financial service provider in Australia, or even just selling your software/services to those providers, APRA regulations come...
    4 min Read

    The Compliance Pandemic

    As the COVID-19 pandemic captured the headlines; another, less visible pandemic was playing out. The compliance pandemic.
    3 min Read

    10 Compliance Standards to Consider

    When starting on your compliance journey, you might start by asking "which compliance standard is best for us?" But once you explore the realm of...
    6 min Read

    A practical guide to endpoint device controls and BYOD

    Bring-your-own-device is a common policy for startups. You may want to save costs, reduce waste/duplication, and/or give their people more flexibility...
    3 min Read

    When is the right time to implement a HRIS?

    A human resources information system (HRIS) can be a huge boost to startups and compliance programs. But when is the right time to implement one?
    3 min Read

    What’s the difference between security, privacy and confidentiality?

    Data security, privacy and confidentiality have always co-existed as important topics in their own right and as related concepts. The average person...
    3 min Read

    Five easy steps to implement polices that fit

    Documenting policies has always been a major pain point of companies working towards compliance. It can be a lot of work!
    3 min Read

    Audit ready in minutes: here’s how agile audits work

    Preparing for audits and compliance with standards like SOC 2 and ISO 27001, used to be an activity that took several months. That could be shortened...
    3 min Read

    Blending standards: why it's the new and better way

    There’s a lot of overlap between compliance standards, and often multiple are needed. So blending them together makes a lot of sense! How does that...
    4 min Read

    Generic vs. tailored audits: what’s the difference?

    Generic audits, also referred to as bundled audits, platform-trained auditors, out-of-the-box or pre-built control sets, are an approach to audits...
    4 min Read

    Software for Compliance

    What's the best way to leverage software for your compliance? This is the hot topic that's shaping the compliance industry.
    3 min Read

    Becoming a Certified B-Corp

    We’ve had a few questions about our B-Corp certification; why do it? How does it work? What does it actually involve? 🙋‍♀️
    4 min Read

    The five reasons startups go for security certifications

    Security and compliance qualifications, like SOC 2 and ISO 27001, demonstrate that you apply good practices in your business.
    3 min Read

    Practical tips from six successful compliance projects

    Our clients have worked through the daunting and challenging task of achieving compliance with global security standards like SOC 2 and ISO 27001.
    4 min Read

    Managing Controls: Continuous

    Continuous controls are systematic or design functions that once implemented, continuously apply in practice.
    3 min Read

    InfoSec Automation: The Definitive Guide

    The topical focus in InfoSec compliance and assurance standards, is automation. How do you implement your control practices in a systematic way that...
    3 min Read

    Auditor selection checklist: 10 things to consider

    When selecting an audit provider there are 10 important things to consider that aren’t obvious to those that haven't been through audits before.
    4 min Read

    Managing Controls: Periodic

    Periodic controls are the meetings, reviews and other activities that are performed at regular intervals.
    3 min Read

    Managing Controls: Event-Based

    Event-based controls are performed in conjunction with ad-hoc events that occur; new employees, incidents, and change releases, for example.
    4 min Read

    The four functions of security and compliance software

    A game-changer in the information security and compliance industry has been the rise of software automation.
    3 min Read

    The five drivers of information security 'compliance' in 2021

    Information security compliance had a big year in 2020. When the pandemic lock downs came into effect, it put remote working practices to the test. The...
    3 min Read

    Compliance 4.0: What's in store?

    Compliance in Industry 4.0 will be defined by integration and expert process automation. We explore what that looks like.

    2 min Read

    Mixing Startups & Accountants

    Yes... SOC 2 is a paradox. Why would a technology security standard be signed off by chartered accountants?

    2 min Read

    Controls: Barrier or Enabler?

    There's a misconception that "controls" are the barriers that prevent actions and create more work. If designed poorly they can be...

    3 min Read

    The 4 Control Concepts

    The term "control" can be confusing. It's just the business practices that support your objectives. There's four concepts you should know.

    4 min Read
    All posts