GRC Lab | Aron Lange | Substack

The All-New C5:2025 Catalogue

A Practical Guide to the New Cloud Security Standard

READ THE LATEST

Most Popular

How to Solve the GRC Puzzle: A Roadmap Through the Noise

Nov 30 • Aron Lange

A Smarter Way to Audit Personnel Security

Nov 21 • Aron Lange

Why your SoA is NOT compliant!

Oct 30 • Aron Lange

It’s Just Paperwork, Right?

Nov 14 • Aron Lange

Recent posts

How to Solve the GRC Puzzle: A Roadmap Through the Noise

I remember sitting in security meetings at the very start of my career, feeling completely lost.

Nov 30 • Aron Lange

A Smarter Way to Audit Personnel Security

Why you should audit the employee lifecycle and pull in some IT controls as well.

Nov 21 • Aron Lange

It’s Just Paperwork, Right?

How to make sense of policies, standards, and procedures.

Nov 14 • Aron Lange

What to Do When Auditors Ask for a Document That Isn't Required?

An auditor asks for a piece of paper, and your heart sinks. But what if they're wrong?

Nov 7 • Aron Lange

Why your SoA is NOT compliant!

As an auditor, I see the same mistake all the time. Here’s what the standard actually requires.

Oct 30 • Aron Lange

The Missing Link in your Documentation

Discover the difference between processes and procedures.

Oct 24 • Aron Lange

Recommendations

Venture in Security

Venture in Security

Ross Haleliuk

The Security Industry

The Security Industry

Richard Stiennon

Luiza's Newsletter

Luiza's Newsletter

Luiza Jarovsky, PhD

Resilient Cyber

Resilient Cyber

Chris Hughes

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts