ISO 42001 certification: 7 lessons from the field
More organizations pursue ISO 42001 certification for AI governance. But the practice is tougher than the theory. These are the seven things we encounter.
Articles, whitepapers and insights into IT audit, information security, compliance and risk management.
SOC 2 is an essential audit report for service organizations. Learn what a SOC 2 report entails and why it matters for your business.
ISAE 3402 and SOC 2 are both assurance standards for service organizations. But they differ in scope, audience and application. Here is how to choose.
Planning your ISO 27001 certification? This step-by-step roadmap covers scoping, risk assessment, implementation and the certification audit itself.
Traditional audits look back. Continuous auditing looks forward. Learn how real-time monitoring and automated testing are transforming IT audit.
SOC 2 Type 1 and Type 2 reports serve different purposes. Understand the key differences to choose the right report for your organization.
ISAE 3402 is the international standard for assurance reports on controls at service organizations. This guide explains what it means for your business.
Both pentests and vulnerability scans identify security weaknesses. But they differ fundamentally in approach, depth and value. Here is how to choose.
ISO 9001 provides a solid quality management foundation that integrates naturally with ISO 27001 and other standards. Here is why it matters for IT services.
ISO 22301 provides the framework for business continuity management. From business impact analysis to continuity testing, here is what you need to know.
ISO 27017 adds cloud-specific security controls to your ISO 27001 framework. Learn about shared responsibility, the seven new controls, and practical implementation.
ISO 27018 sets the standard for PII protection in cloud environments. Learn how it connects to GDPR, ISO 27001, and ISO 27017.
ISO 27701 extends ISO 27001 with a Privacy Information Management System. Learn how it supports GDPR compliance and what certification involves.
The eIDAS regulation governs electronic identification and trust services across the EU. With eIDAS 2.0 and the European Digital Identity Wallet on the horizon, understanding this framework is essential.
Internal audits are a mandatory component of every ISO management system. Done well, they drive real improvement. Done poorly, they become a compliance checkbox.
Your first SOC 2 audit does not have to be overwhelming. This practical checklist covers scope definition, control design, gap remediation and evidence collection.
The ISAE 3402 Type II observation period requires a minimum of six months. Learn why this period matters, what auditors test, and how to manage evidence collection.
SaaS providers in the DigiD chain face specific assessment requirements. From network segmentation to multi-tenant challenges, here is what you need to know.
DORA creates new obligations for ICT providers serving financial institutions. Understanding the requirements early turns compliance into a commercial advantage.
Good evidence management can make or break an audit engagement. Learn the fundamentals of audit evidence, common pitfalls, and how to organize evidence efficiently.
The EU AI Act takes full effect for high-risk AI systems in August 2026, with fines up to 35 million euros. How to classify your AI systems, meet compliance requirements, and prepare for conformity assessment.
The Cyber Resilience Act introduces mandatory cybersecurity requirements for all digital products on the EU market. From IoT devices to software: what manufacturers, importers, and distributors need to know.
The transition period to ISO 27001:2022 expired on 31 October 2025. Organizations still certified to the 2013 version need to take action. Here is what changed and how to approach the transition audit.
More organizations combine ISO 27001, ISO 42001, NEN 7510, or ISO 9001 in a single management system. An integrated audit saves time and cost. But how does it work in practice?
The biggest cyberattacks of recent years came through the supply chain: SolarWinds, Kaseya, MOVEit. NIS2 mandates supply chain management. How do you audit the security of your supply chain?
Quantum computers threaten the cryptography that protects virtually all digital communication. NIST has published the first post-quantum standards. What does this mean for your organization?