Free expert guides, checklists, and assessments for NIS2, DORA, CMMC, ISO 27001, HIPAA, POPIA, NDPR, and more — written for security practitioners.
A practical walkthrough of NIS2 Article 21 security obligations, incident reporting timelines, supply chain requirements, and how to run a structured readiness gap analysis before your national authority comes knocking.
The Digital Operational Resilience Act (EU 2022/2554) is now enforceable. This checklist covers ICT risk management, incident classification, TLPT testing, and third-party oversight gaps most firms miss.
Everything DoD contractors need to know about CMMC 2.0 Levels 1–3, the 110 NIST SP 800-171 practices at Level 2, CUI handling requirements, and how to prepare for a C3PAO third-party assessment.
Learn how to perform a structured ISO/IEC 27001:2022 gap analysis against Annex A controls, build a risk register, draft your Statement of Applicability, and identify the fastest path to certification.
The HHS-mandated Security Risk Analysis under §164.308(a)(1) is the most commonly cited HIPAA violation. This guide walks through every safeguard category, common ePHI exposure gaps, and how to document your risk management plan.
South Africa's Protection of Personal Information Act (POPIA) has been fully enforceable since July 2021. This guide covers all 8 conditions for lawful processing, Information Officer obligations, breach notification, and POPIA enforcement trends.
Nigeria's Data Protection Regulation (NDPR) 2019 and the NDPC enforcement framework set clear obligations for DPO appointment, privacy notices, 72-hour breach reporting, and cross-border data transfers. Here's how to comply.