Cyber security compliance, explained
Plain English guides related to IRAP, Essential Eight, ISO 27001 and 42001, SOC 2 and vCISO.
Browse by framework
Start here: the six framework guides
The pillar guide for each framework, the best place to begin.
Latest Guides
- ISO 27001 Annex A Controls Explained
  The 93 Annex A controls in ISO 27001:2022, grouped into four themes, what changed in 2022, and why you select from them…
- The ISO 27001 Statement of Applicability Explained
  The Statement of Applicability is the ISO 27001 document that maps every Annex A control to your risk treatment, with a reason…
- ISO 27001 Stage 1 vs Stage 2 Audit Explained
  ISO 27001 certification is a two stage audit. Stage 1 reviews your ISMS documentation and readiness; Stage 2 tests whether it actually…
- What Is ISO 27001:2022? A Plain Guide for Australian Organisations
  ISO 27001:2022 is the international standard for an information security management system. What it certifies, what Annex A requires, and whether you…
- ISO 27001 Certification Cost in Australia: What Drives the Price
  ISO 27001 certification has no list price. What drives the cost, why audit fees scale with the number of people in scope,…
- How Long Does ISO 27001 Certification Take in Australia?
  How long ISO 27001 certification takes in Australia, the stages and what they involve, why the management system must run before the…
- ISO 27001 Readiness Checklist for Australian Organisations
  What to have in place before a certification body arrives: the clauses 4 to 10 management system, the Statement of Applicability, the…
- Essential Eight Compliance Checklist
  What to verify for each of the eight mitigation strategies, which maturity level you need to reach, and how Essential Eight compliance…
- Essential Eight vs ISO 27001: Which Does Your Organisation Need?
  The Essential Eight and ISO 27001 solve different problems. Which your organisation needs depends on whether you sell to government or commercial…
- ISO 27001: The Complete Australian Guide
  ISO 27001:2022 is the international standard for an information security management system. What it requires, what certification costs and takes, and how…
- How Long Does an Essential Eight Assessment Take?
  How long an Essential Eight assessment takes in Australia, the two phases involved, and what makes it faster or slower.
- Essential Eight vs the ISM: How They Fit Together
  The Essential Eight is a subset of the ISM, not an alternative to it. What each covers, which applies to you, and…
