
Resources, insights & guidance

Content to help you understand and achieve your compliance goals

  • SOC 3
  • SOC 2
  • SOC 1
  • Practice guides
  • ISO 42001
  • ISO 27001
  • HIPAA
  • GS 007
  • GDPR
  • ESG
  • CSA STAR
  • CPS 230
  • CDR
  • CCPA/CPRA
  • About AssuranceLab
    Setting up for success - AI in security and compliance

    AI has transformed industries left and right, from automating tasks and analyzing massive datasets to streamlining complex decision-making. At first...

    2 min Read

    Mastering Pentesting for Security and Audits: A Comprehensive Guide

    We worked with Software Secured to create a blog answering all must-know questions on when to start your penetration test.

    4 min Read

    What to look for when selecting an audit firm in 2025

    This blog gives you a headstart on what to look for when selecting an audit firm by highlighting key factors to consider. By asking the right questions...

    3 min Read

    The evolution of compliance frameworks

    It’s no secret that the compliance landscape is constantly evolving, with frameworks following suit. What we once knew about frameworks like...

    1 min Read

    The power of using compliance metadata

    Compliance metadata is not merely data—it's the universal data that underpins trust and compliance.

    1 min Read

    Collaboration vs competition in an ever-changing compliance landscape

    In this blog, we look at the differences in collaboration and competition, and how businesses can use both to establish a competitive advantage.

    1 min Read

    Bridging the Gap Across the Trust Triangle

    Although they share a common goal, the three parties involved in the audit process often have different methods to get there. This disconnect can lead...

    2 min Read

    Fundamentals of change management: The change review and approval process

    In this part of our change management blog series, we look at the change review and approval process. These are essential parts of development in the...

    3 min Read

    Fundamentals of Change Management

    The change management process is a critical part of the knowledge and processes in completing a SOC 2 audit. It encompasses information handling around...

    2 min Read

    Effective Risk Management Process

    Risk management is a structured and planned approach to identifying, evaluating, prioritising, and mitigating any risks that could threaten the goals...

    3 min Read

    The Cycle of Trust: From Public Concerns to Industry Adoption

    In this third instalment of our trust blog series, we delve into the balance between public concerns, regulatory frameworks and industry adoption that...

    3 min Read

    Effective Vendor Management Process

    Third-party vendors have a critical role in improving an organisation's operational efficiency and capabilities. Organisations can focus on their core...

    3 min Read

    The Future of Trust: How Compliance Paves the Path Forward

    In a world fuelled by rapid advancements in technology, global interconnectivity, and evolving societal norms, trust is the bedrock that supports...

    2 min Read

    Effectively managing incidents

    A security incident can be defined as an occurrence that actually or imminently jeopardises, without lawful authority, the confidentiality, integrity,...

    3 min Read

    Unlocking Trust through Compliance Metadata

    In this post, we introduce Pillar: a trailblazing solution that uses Compliance Metadata to strengthen the 'Trust Triangle' and revolutionize the way...

    3 min Read

    Protecting assets from vulnerabilities

    In today's digital world, the security of your organisation's digital assets is critical. An effective vulnerability management program is an essential...

    3 min Read

    The three parts to a compliance program

    We see vastly different parts making up the compliance programs in our clients, but they ALL include three key components.

    2 min Read

    The story behind continuous audit: Why we're doing it

    Continuous audit has been talked about for over 10 years. From the start of my career, I remember it talked about as a concept, that made a lot of...

    3 min Read

    Access reviews simplified

    Access reviews shouldn't take hundreds of thousands of hours. If they do, it's time to look at a better risk-based approach.

    6 min Read

    The overlap of APRA and global standards

    When you're a licensed financial service provider in Australia, or even just selling your software/services to those providers, APRA regulations come...

    4 min Read

    The Compliance Pandemic

    As the COVID-19 pandemic captured the headlines; another, less visible pandemic was playing out. The compliance pandemic.

    3 min Read

    10 Compliance Standards to Consider

    When starting on your compliance journey, you might start by asking "which compliance standard is best for us?" But once you explore the realm of...

    6 min Read

    A practical guide to endpoint device controls and BYOD

    Bring-your-own-device is a common policy for startups. You may want to save costs, reduce waste/duplication, and/or give your people more flexibility...

    3 min Read

    When is the right time to implement a HRIS?

    A human resources information system (HRIS) can be a huge boost to startups and compliance programs. But when is the right time to implement one?

    3 min Read

    What’s the difference between security, privacy and confidentiality?

    Data security, privacy and confidentiality have always co-existed as important topics in their own right and as related concepts. The average person...

    3 min Read

    Five easy steps to implement policies that fit

    Documenting policies has always been a major pain point of companies working towards compliance. It can be a lot of work!

    3 min Read

    Audit ready in minutes: here’s how agile audits work

    Preparing for audits and compliance with standards like SOC 2 and ISO 27001 used to be an activity that took several months. That could be shortened...

    3 min Read

    Blending standards: why it's the new and better way

    There’s a lot of overlap between compliance standards, and often multiple are needed. So blending them together makes a lot of sense! How does that...

    4 min Read

    Generic vs. tailored audits: what’s the difference?

    Generic audits, also referred to as bundled audits, platform-trained auditors, out-of-the-box or pre-built control sets, are an approach to audits...

    4 min Read

    Software for Compliance

    What's the best way to leverage software for your compliance? This is the hot topic that's shaping the compliance industry.

    3 min Read

    Becoming a Certified B-Corp

    We’ve had a few questions about our B-Corp certification; why do it? How does it work? What does it actually involve? 🙋‍♀️

    4 min Read

    The five reasons startups go for security certifications

    Security and compliance qualifications, like SOC 2 and ISO 27001, demonstrate that you apply good practices in your business.

    3 min Read

    Practical tips from six successful compliance projects

    Our clients have worked through the daunting and challenging task of achieving compliance with global security standards like SOC 2 and ISO 27001.

    4 min Read

    Managing Controls: Continuous

    Continuous controls are systematic or design functions that, once implemented, continuously apply in practice.

    3 min Read

    InfoSec Automation: The Definitive Guide

    The topical focus in InfoSec compliance and assurance standards is automation. How do you implement your control practices in a systematic way that...

    3 min Read

    Auditor selection checklist: 10 things to consider

    When selecting an audit provider there are 10 important things to consider that aren’t obvious to those that haven't been through audits before.

    4 min Read

    Managing Controls: Periodic

    Periodic controls are the meetings, reviews and other activities that are performed at regular intervals.

    3 min Read

    Managing Controls: Event-Based

    Event-based controls are performed in conjunction with ad-hoc events that occur; new employees, incidents, and change releases, for example.

    4 min Read

    The four functions of security and compliance software

    A game-changer in the information security and compliance industry has been the rise of software automation.

    3 min Read

    The five drivers of information security 'compliance' in 2021

    Information security compliance had a big year in 2020. When the pandemic lockdowns came into effect, it put remote working practices to the test. The...

    3 min Read

    Compliance 4.0: What's in store?

    Compliance in Industry 4.0 will be defined by integration and expert process automation. We explore what that looks like.

    2 min Read

    Mixing Startups & Accountants

    Yes... SOC 2 is a paradox. Why would a technology security standard be signed off by chartered accountants?

    2 min Read

    Controls: Barrier or Enabler?

    There's a misconception that "controls" are the barriers that prevent actions and create more work. If designed poorly they can be...

    3 min Read

    The 4 Control Concepts

    The term "control" can be confusing. It's just the business practices that support your objectives. There are four concepts you should know.

    4 min Read