All articles

Blog

Every article we've published, in reverse chronological order.

Annex ANovember 20, 196912 min read

The Complete Guide to ISO 27001 Annex A Controls (2026 edition)

All 93 Annex A controls grouped by Organizational, People, Physical, and Technological categories — with practical implementation guidance for each set.

Continue reading →

NIS2 + ISO 27001November 27, 196910 min read

ISO 27001 vs NIS2: How They Overlap and Where They Don't

A practical comparison of ISO 27001 and the NIS2 Directive — what overlaps, what doesn't, and why NIS2-obligated organisations should use ISO 27001 as their baseline.

Continue reading →

SoADecember 4, 19699 min read

Statement of Applicability (SoA): The Single Most Important ISO 27001 Document

Everything you need to know about writing, maintaining, and defending your Statement of Applicability — the document auditors will spend the most time on.

Continue reading →

CertificationDecember 11, 19698 min read

How Long Does ISO 27001 Certification Actually Take? (Real-world timelines)

Honest, evidence-based timelines for ISO 27001 certification across small, medium, and large organisations — including what causes delays.

Continue reading →

ISO 27001 vs 27002December 18, 19697 min read

ISO 27001:2022 — What Changed from 2013 and Why It Matters

A clear, jargon-free overview of the 2022 update to ISO 27001: the new Annex A structure, the 11 new controls, and what existing certified organisations must do.

Continue reading →