Insights
Compliance thinking that actually holds up.
Analysis, methodology, and hard-won thinking on GRC, AI security, and what genuine compliance looks like in practice.
I built an Essential Eight ML2 audit environment from scratch. Here is what I found.
A technical case study documenting the OzCorp E8 Audit Lab — an independently built Windows Server 2022 domain environment, custom PowerShell audit tooling, and three verified ML2 findings that demonstrate what evidence-first compliance actually looks like.
The EU AI Act is live. Most AI deployments have no audit trail.
The EU AI Act entered into force in August 2024. High-risk AI systems face significant obligations — including documentation, logging, and human oversight requirements that most organisations deploying AI have never thought about.
SOC 2 Type I vs Type II — what your enterprise clients are actually asking for
When a prospect asks for your SOC 2 report, they almost always mean something specific. Understanding the difference between Type I and Type II — and what each actually demonstrates — determines whether your report closes the deal or reopens the conversation.