Blog

When customers ask for SOC 2 and what they really mean

Customers asking for SOC 2 sometimes want something different from what they say. Learn what they're looking for, how to respond without a report, and how to avoid costly delays.

NIS2 checklist: what you need to have in order to be compliant

The Cybersecurity Act is expected to come into force on 1 July 2026. Discover the six pillars you need to have in place now to be NIS2-compliant.

Is your startup too small for ISO 27001? Three triggers to start now

Three triggers that say you should start with ISO 27001 now and three scenarios where waiting is smarter, including costs and timelines.

NIS2 for SaaS: what do you need to arrange now?

Does your SaaS company fall under NIS2? Read about direct and indirect scope, DORA overlap for fintech, four core obligations and five concrete steps.

SOC 2 for startups: becoming compliant without losing speed

Discover how startups implement SOC 2 without losing their development speed. Practical tips on change management, Type I vs Type II and smart first steps.

Individual security measures are not yet NIS2 compliance

Individual measures create a false sense of security. Discover how to make the move to structural NIS2 compliance with ownership, risk analysis, and continuous visibility.

What is NIS2 and when does the directive apply to you

Discover what the NIS2 directive entails, which organisations it applies to, and how to prepare. From sectors and size criteria to the relationship with ISO 27001.

ISO 27001 vs ISO 27002: what's the difference and what do you need

ISO 27001 and ISO 27002 contain the same controls, but are fundamentally different. Learn the difference and when you need which document.

ISO 27001 costs: What does certification really cost your organisation?

Audit costs are often the smallest line item. Discover all the cost components of ISO 27001: internal time, audit, tooling and maintenance, with realistic figures.

NIS2 for suppliers to NIS2-obligated organizations: what do you need to arrange now?

Not NIS2-obligated but still receiving a questionnaire from a client? Read how you as a supplier can meet chain obligations via SC, CyFun, or ISO 27001.