Blog
Compliance, in plain English
Practical writing on ISO 27001 for SMEs — starting with a conversation, not a spreadsheet.
A control reference we keep coming back to
Control Stack is a clear, Australian-focused reference for ISO 27001, ASD ISM and Essential Eight controls — useful for understanding what a control is actually asking for.
- resources
- iso-27001
The 20 questions that reveal most ISO 27001 gaps
You don’t need to read the whole standard to find your biggest compliance gaps. These 20 plain-English questions surface most of them.
- iso-27001
- getting-started
Why SMEs should start with evidence, not controls
Starting an ISO 27001 project with the control list feels productive — but it’s the slow way round. Start with what you already do instead.
- iso-27001
- evidence
How to make an ISO 27001 risk register manageable
Risk registers sprawl into hundreds of unread rows. Here’s how to keep yours small, honest, and genuinely useful.
- iso-27001
- risk
What small software companies usually already have right
If you build software for a living, you’re probably closer to ISO 27001 than you think. Here’s what most teams already have covered.
- iso-27001
- software
ISO 27001 scope: what to include and what to leave out
Scope is the single most important decision in an ISO 27001 project. Get it right and everything else gets easier.
- iso-27001
- scope