Insights
Briefings from the practice.
Analysis written for compliance officers, general counsel and CISOs. No commentary on news cycles. No content marketing.
Archive
5 briefings
Information Security
ISO 27001:2022 — what Annex A actually changed
Eleven new controls, the merged Clause 6 risk treatment, and how your Statement of Applicability needs to evolve.
28 March 2026 · 11 min read
Financial Services
DORA: the operational resilience programme firms underestimate
ICT third-party risk under DORA reads like a compliance ask; in practice it is an architecture project.
06 February 2026 · 14 min read
Governance
Board reporting that auditors and regulators actually read
The four metrics every audit-committee pack should carry, and the three it should never.
19 January 2026 · 7 min read
Data Protection
Subject Access Requests at scale: the operations problem
Why most SAR programmes fail at the discovery stage, and how to redesign yours around evidence-grade workflows.
04 December 2025 · 10 min read
Information Security
The internal audit programme nobody wants to run
A pragmatic blueprint for ISMS internal audits when you have neither the headcount nor the appetite.
21 October 2025 · 8 min read
