Compliance, without the jargon.
Practical guides for security teams working on ISO 27001, SOC 2, GDPR, and the EU AI Act. Written by engineers who have been through it.
ISO 27001:2022 Annex A: What changed and what it means for your ISMS
The 2022 revision reduced Annex A from 114 to 93 controls and introduced 11 new controls covering threat intelligence, cloud security, and secure coding. Here is what your audit programme needs to update.
EU AI Act enforcement dates: the complete 2025 to 2027 timeline for technical teams
From the prohibited practices ban in February 2025 to the full obligations for high-risk systems in August 2026: every key date and what your team needs to do before each one.
Passing SOC 2 Type II without a dedicated compliance manager
Most SaaS companies attempt SOC 2 with a security engineer wearing the compliance hat. This is the playbook for doing it without burning that person out.
ROPA in practice: building a Record of Processing Activities that survives an ICO audit
A ROPA is not just a spreadsheet. Here is what the ICO actually looks for, and how to build one that doubles as a live operational document rather than a compliance artefact that rots.
How we built Row-Level Security into a multi-tenant SaaS with PostgreSQL
RLS at the database layer, not just in the application, turns multi-tenant data isolation from a promise into a guarantee: a missing WHERE clause or a forgotten tenant check in application code can no longer expose another tenant's rows. This is the pattern we use in AISEC.
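The core of the pattern, as an added illustration rather than AISEC's own code: a tenant-scoped policy on a hypothetical documents table, enforced even against the table owner, keyed on a per-transaction setting. The table, the app_user role and the app.current_tenant setting name are assumptions for the example.

```sql
-- Added example (not the AISEC code base): tenant isolation with PostgreSQL RLS.
-- "documents", "app_user" and the setting name "app.current_tenant" are assumed names.

CREATE TABLE documents (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid NOT NULL,
    body       text NOT NULL
);

-- The application must connect as a role that does NOT own the table and does not
-- have BYPASSRLS. Owners and superusers skip RLS unless FORCE ROW LEVEL SECURITY is on.
CREATE ROLE app_user LOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON documents TO app_user;

ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;   -- apply the policy to the owner too

-- One policy covers reads (USING) and writes (WITH CHECK).
-- current_setting(..., true) returns NULL if the GUC was never set, and '' if it was
-- set earlier in the session and has since gone out of scope; NULLIF maps both to NULL.
-- NULL compared to anything is not true, so a request that forgot to set the tenant
-- sees zero rows and cannot insert, instead of seeing or writing everything.
CREATE POLICY tenant_isolation ON documents
    FOR ALL
    TO app_user
    USING      (tenant_id = NULLIF(current_setting('app.current_tenant', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.current_tenant', true), '')::uuid);

-- Per-request usage (run as app_user). SET LOCAL scopes the setting to this
-- transaction, so a pooled connection cannot carry one tenant's id into the next request.
BEGIN;
SET LOCAL app.current_tenant = '11111111-1111-1111-1111-111111111111';
INSERT INTO documents (tenant_id, body)
    VALUES ('11111111-1111-1111-1111-111111111111', 'visible to tenant 1');
SELECT id, body FROM documents;   -- returns only tenant 1's rows
COMMIT;

-- A cross-tenant write fails the WITH CHECK clause and raises
-- "new row violates row-level security policy", aborting this transaction.
BEGIN;
SET LOCAL app.current_tenant = '11111111-1111-1111-1111-111111111111';
INSERT INTO documents (tenant_id, body)
    VALUES ('22222222-2222-2222-2222-222222222222', 'smuggled into tenant 2');
ROLLBACK;
```

Two checks worth adding to a test suite: confirm that app_user is not the table owner and has no BYPASSRLS attribute (SELECT rolbypassrls FROM pg_roles WHERE rolname = 'app_user'), and run a query in a transaction with no SET LOCAL at all and assert it returns zero rows. The second catches the common regression where a new code path opens a connection without setting the tenant.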
Stage 1 vs Stage 2 ISO 27001 audit: what to prepare for each
Stage 1 is a documentation review. Stage 2 is where the auditor looks for evidence that your controls are actually operating. The preparation for each is completely different.
More articles coming soon