Cyber security compliance, explained
Plain English guides related to IRAP, Essential Eight, ISO 27001 and 42001, SOC 2 and vCISO.
Start here: the six framework guides
The pillar guide for each framework, the best place to begin.
Latest Guides
- IRAP Readiness Checklist: How to Prepare for an IRAP Assessment
  A practical IRAP readiness checklist: the classification and scope decisions, the documents, the control evidence, and the timeline to prepare before an…
- Essential Eight: The Complete Australian Guide
  What the Essential Eight is, the maturity model, who needs it, how an assessment works, what it costs, and how it relates…
- What Is the Essential Eight?
  The Essential Eight is ASD’s set of eight mitigation strategies. What each one does, the four maturity levels, who must comply, and…
- Is IRAP a Certification?
  IRAP is an assessment, not a certification. There is no certificate and no pass mark. What an IRAP assessor produces, and who…
- ISO 42001 Readiness Checklist for Australian Organisations
  A clause by clause ISO 42001 readiness checklist for Australian organisations: the management system, the Annex A controls, the documents to prepare,…
- AI Risk Assessment Under ISO 42001: What It Requires
  ISO 42001 asks for two linked exercises: an AI risk assessment of risks to your objectives, and an AI system impact assessment…
- Why AI Governance Matters Now
  AI governance moved from optional to expected. Why it matters now in Australia, what the EU AI Act and ISO 42001 change,…
- ISO 42001 vs the EU AI Act: Which Governs Your AI?
  ISO 42001 is a voluntary AI management standard; the EU AI Act is binding law. Where they overlap, where they do not,…
- ISO 27001 for SaaS: What Australian Software Companies Need to Know
  ISO 27001 for SaaS companies: what the certificate covers, the cloud and secure development controls that matter most, how to scope a…
- ISO 42001: The Complete Guide to AI Management Systems
  ISO 42001, published as ISO/IEC 42001:2023, is the first international standard for an AI management system. It sets out how to govern…
- What Is ISO 42001?
  ISO 42001 is the world’s first certifiable AI management system standard. What it requires, who needs it, the AI impact assessment, and…
- ISO 27001 vs SOC 2: Which Does Your Organisation Need?
  ISO 27001 certifies a management system; SOC 2 is a CPA firm's report against the AICPA criteria. Which you need depends on…
