Resources
Practical guides and audit insights on ISO 27001, ISO 42001, and ISO 9001 internal audits, drawn from real engagement work.
- June 5, 2026 · 9 min read · ISO 9001, ISO 9001:2026
ISO 9001:2026 Revision: What's Changing and How to Prepare
ISO 9001:2026 reaches Final Draft this year, with publication expected in the second half of 2026 and a three-year transition. What actually changes, what stays the same, and the readiness steps internal audit should start now.
- May 13, 2026 · 9 min read · ISO 42001, ISMS
ISO 42001 AIMS Scope: Which AI Systems Go In and Why
Scoping the AIMS is where most ISO 42001 audits reveal their first findings. How to inventory AI systems, what the standard means by "AI system," and how a weak scope statement cascades into gaps across every clause.
- May 11, 2026 · 9 min read · ISO 27001, Vanta
Using Vanta for ISO 27001: An Auditor's Assessment
Vanta automates meaningful evidence for cloud and infrastructure controls but leaves real gaps in people controls, physical security, supplier management, and Clauses 4–6. What we find in practice, and what to fix before fieldwork.
- May 4, 2026 · 8 min read · ISO 27001, Internal Audit
Getting Ready for an ISO 27001 Internal Audit: A Practical Checklist
A practical ISO 27001 internal audit prep checklist covering the SoA, corrective actions, evidence, policies, interviews, risk treatment, training, and monitoring.
- April 30, 2026 · 10 min read · ISO 27001, AI
AI Search and Your ISMS: ISO 27001 A.5.34 & A.8.21 Reframed
AI search reshapes ISO 27001 A.5.34 (PII) and A.8.21 (network services). What auditors now look for, gaps we flag, and a working baseline.
- April 29, 2026 · 8 min read · ISO 27001, Privacy
Data Deletion Request Process: An ISO 27001 Auditor's Guide
ISO 27001 A.5.34 plus GDPR Article 17. What auditors look for, the gaps we commonly flag, and a working template for data deletion requests.
- March 25, 2026 · 9 min read · ISO 27001, SDLC
Threat Modeling in the SDLC: ISO 27001 A.8.25 & A.8.26
ISO 27001 A.8.25 and A.8.26, what they require, the gaps we flag in audits, and a working template you can adopt in a single sprint.