The blog
Plain-English compliance, weekly.
News, tips, how-tos and real-world case studies — written for the operations, HR and IT people who actually have to deliver compliance.
ISO 27001:2022 — What Actually Changed and Why It Matters
The 2022 update isn't just a renumbering exercise. Here's the plain-English breakdown of what changed in Annex A, what's new in the main clauses, and what it means for your ISMS.
Zero to ISO 27001:2022 Ready in 90 Days — A Real SME Playbook
A week-by-week walkthrough of how we took a 40-person SaaS from no ISMS to Stage 1 ready against the 2022 standard — the 11 documents we wrote first, the controls we deferred, and the mistakes we'd avoid next time.
Releasing 13 Jun 2026
NIS2 for Small Business: Are You Actually In Scope?
A plain-English flowchart to work out whether NIS2 applies to your SME, plus the three questions to ask your suppliers this quarter.
Releasing 27 Jun 2026
The 2026 Cyber Essentials Checklist (Updated for the New IASME Question Set)
A printable checklist that maps every IASME question to a concrete action, with notes on BYOD, cloud services and home working.
Releasing 11 Jul 2026
Build a GDPR Vendor Register in an Afternoon
The fastest sustainable way to catalogue your data processors — template, prompts, and the questions to ask new vendors.
Releasing 25 Jul 2026
Five CMMC Level 2 Myths That Are Costing Suppliers Contracts
From 'we don't really handle CUI' to 'self-assessment is enough' — what's actually true under the 2025 phased rollout.
Releasing 8 Aug 2026
Stop Screenshotting: Automating SOC 2 Evidence Collection
How to wire up your existing tools to collect audit-ready evidence continuously, without buying a six-figure platform.
Releasing 22 Aug 2026
Don't miss a post.
One short monthly email. Compliance, explained simply.