C5:2026 – The New Standard for Cloud Security is Here

The German Federal Office for Information Security (BSI) has officially released the final version of the Cloud Computing Compliance Criteria Catalogue…

Apr 14 • Aron Lange

9

March 2026

Major, Minor, or Just an OFI? Test your audit IQ.

You are sitting in a conference room.

Mar 3 • Aron Lange

7

1

February 2026

The Hard Truth: Your Certificate ≠ Legal Compliance

Why ISO/IEC 27001 does not prove you are compliant with the law.

Feb 17 • Aron Lange

3

2

January 2026

Qualitative vs. Quantitative: Which Risk Analysis wins?

Plus: What a volcano in Hawaii teaches us about ISO 27001 and risk acceptance criteria.

Jan 26 • Aron Lange

6

15:35

How to get ISO 27000 for FREE (legally)

Most people think you have to pay hundreds of dollars for any official ISO standard.

Jan 15 • Aron Lange

9

8:31

December 2025

The All-New C5:2025 Catalogue

A Practical Guide to the New Cloud Security Standard

Dec 11, 2025 • Aron Lange

6

1

November 2025

Risk Management for Dummies

I remember sitting in security meetings at the very start of my career, feeling completely lost.

Nov 30, 2025 • Aron Lange

16

1

A Smarter Way to Audit Personnel Security

Why you should audit the employee lifecycle and pull in some IT controls as well.

Nov 21, 2025 • Aron Lange

7

2

It’s Just Paperwork, Right?

How to make sense of policies, standards, and procedures.

Nov 14, 2025 • Aron Lange

9

2

What to Do When Auditors Ask for a Document That Isn't Required?

An auditor asks for a piece of paper, and your heart sinks. But what if they're wrong?

Nov 7, 2025 • Aron Lange

1

1

October 2025

Why your SoA is NOT compliant!

As an auditor, I see the same mistake all the time. Here’s what the standard actually requires.

Oct 30, 2025 • Aron Lange

9

5

2

The Missing Link in your Documentation

Discover the difference between processes and procedures.

Oct 24, 2025 • Aron Lange

1

1