The Hard Truth: Your Certificate ≠ Legal Compliance
Why ISO/IEC 27001 does not prove you are compliant with the law.
Feb 17
•
Aron Lange
January 2026
Qualitative vs. Quantitative: Which Risk Analysis wins?
Plus: What a volcano in Hawaii teaches us about ISO 27001 and risk acceptance criteria.
Jan 26
•
Aron Lange
15:35
How to get ISO 27000 for FREE (legally)
Most people think you have to pay hundreds of dollars for any official ISO standard.
Jan 15
•
Aron Lange
8:31
December 2025
The All-New C5:2025 Catalogue
A Practical Guide to the New Cloud Security Standard
Dec 11, 2025
•
Aron Lange
November 2025
How to Solve the GRC Puzzle: A Roadmap Through the Noise
I remember sitting in security meetings at the very start of my career, feeling completely lost.
Nov 30, 2025
•
Aron Lange
A Smarter Way to Audit Personnel Security
Why you should audit the employee lifecycle and pull in some IT controls as well.
Nov 21, 2025
•
Aron Lange
It’s Just Paperwork, Right?
How to make sense of policies, standards, and procedures.
Nov 14, 2025
•
Aron Lange
What to Do When Auditors Ask for a Document That Isn't Required?
An auditor asks for a piece of paper, and your heart sinks. But what if they're wrong?
Nov 7, 2025
•
Aron Lange
October 2025
Why your SoA is NOT compliant!
As an auditor, I see the same mistake all the time. Here’s what the standard actually requires.
Oct 30, 2025
•
Aron Lange
The Missing Link in your Documentation
Discover the difference between processes and procedures.
Oct 24, 2025
•
Aron Lange
The New "Big Three": How ISO 27701:2025 Completes the Modern Governance Playbook
ISO/IEC 27701 was finally released!
Oct 16, 2025
•
Aron Lange
CMMC is Here - What's Next?
A guest article by Jacob Hill.
Oct 7, 2025
•
Aron Lange