Cyber security compliance, explained
Plain English guides related to IRAP, Essential Eight, ISO 27001 and 42001, SOC 2 and vCISO.
Latest Guides
- SOC 2 for Australian SaaS Selling into the US: What You Need to Know
  Why US customers ask Australian SaaS companies for SOC 2, how it differs from ISO 27001, whether you need a Type I…
- Virtual CISO: The Complete Australian Guide
  What a virtual CISO is, when you need one, what they do, how pricing works, and how a vCISO leads your Essential…
- What Is SOC 2? An Australian Guide
  SOC 2 is an attestation report, not a certification. What it covers, Type I versus Type II, and how it compares with…
- SOC 2 Type I vs Type II: Which Report Do You Need?
  A Type I tests control design on a single day; a Type II tests whether controls operated over a period. Which one…
- SOC 2 Cost in Australia: What Drives the Price
  What a SOC 2 report costs in Australia, broken into readiness, the licensed CPA firm audit fee, tooling and the observation period,…
- How Long Does SOC 2 Take?
  SOC 2 has no single duration. A Type I can follow a few weeks of readiness; a Type II adds an observation…
- ISO 42001 Certification Cost in Australia: What Drives the Price
  ISO 42001 certification has no set price. The cost tracks your AI footprint, splitting across building the management system, audit fees over…
- ISO 42001 for AI Product Companies: What You Need to Know
  What ISO 42001 means for companies that build and sell AI: what it certifies, where the scope widens for a provider, and…
- SOC 2: The Complete Guide for Australian Technology Companies
  SOC 2 is an attestation report against the AICPA Trust Services Criteria, not a certification. What Australian technology companies need to know…
- How Much Does an IRAP Assessment Cost in Australia?
  What an IRAP assessment costs in Australia, the price drivers by classification, and the internal costs most budgets miss.
- IRAP vs ISO 27001: Which Does Your Business Need?
  ISO 27001 certifies your management system; IRAP assesses one system against the ISM for Australian Government use. What each is, where they…
- How to Become an IRAP Assessor in Australia
  What it takes to become an ASD endorsed IRAP assessor in Australia: citizenship, five years of experience, Category A and B qualifications,…
