Skip to main content

Thoughts on compliance, security, and the practicalities of building robust management systems. All written in plain English, focused on what actually matters.

· Audit Preparation

ISO 42001 Stage 1: what happens on the day, and what to have ready

The first ISO 42001 audits are landing in Europe. Where certification bodies have accredited schemes, and where organisations have been working …

· Emerging Technology

Do you need a Virtual Chief AI Officer? When the role earns its keep and when it does not

The Virtual Chief AI Officer role has emerged fast. In the last twelve months it has moved from a novelty offered by a handful of AI-focused firms to …

· Risk & Resilience

Law firms under three-front attack: what the Silent Ransom Group, the Pillsbury class action, and the FBI's May advisory tell us

Someone walks into a US law firm’s reception in April 2025. They tell the receptionist they are from the firm’s IT service provider, …

· Emerging Technology

Think before you paste: the ClickFix scam explained

You visit a website, or open an email link that looks legitimate. A window appears asking you to prove you are human. It looks like the …

· Audit Preparation

ISO 22301 Stage 1: what happens on the day, and what to have ready

Stage 1 of an ISO 22301 audit tests whether the Business Continuity Management System (BCMS) is ready to be evaluated in Stage 2. The event is …

· Emerging Technology

Mandatory AI literacy under the EU AI Act: what Article 4 requires

Article 4 of the EU AI Act has been in force since 2 February 2025. It requires every organisation that uses AI systems, not just those that build …

· Audit Preparation

Internal audit across management system standards: clause 9.2 in practice

Every ISO management system standard requires an internal audit programme. Clause 9.2 is effectively identical across ISO 27001, ISO 22301, ISO 27701, …

· Emerging Technology

IEEE 802.11bf: Wi-Fi sensing as opportunity and threat

IEEE 802.11bf, published on 26 September 2025, is an amendment to the 802.11 family that turns Wi-Fi into a sensing platform. By analysing how radio …

· Audit Preparation

Five recurring themes in ISO 27001 audit findings

An OFI, Opportunity for Improvement, is an audit observation that does not constitute a nonconformity but signals room for the ISMS to mature. They …

· ISO Guidance

Preparing for ISO 42001 certification: a practical roadmap

ISO 42001 has gone from a curiosity to a real certification programme remarkably quickly. Published in December 2023, it is the first international …

· Fraud & AI Risk

$25 million and a video call: what the Arup deepfake scam changed

In January 2024, a finance worker at the Hong Kong office of Arup, the British multinational engineering consultancy responsible for the Sydney Opera …

· Security Operations

Past the vanity metrics: measuring security that actually matters

A security leader recently shared a thought on LinkedIn that has stayed with us. “Most security dashboards look impressive. Green metrics. Clean …

· Cybersecurity

Lessons from recent cyberattacks: what they tell us about resilience

When ticketing systems went down at one of Europe’s largest rail operators earlier this year, millions of passengers found themselves staring at …

· Audit Preparation

ISO 27001 Stage 2: what happens on the day, and what to have ready

Stage 1 tested whether the ISMS was designed. Stage 2 tests whether it works. The gap in effort between the two is larger than most organisations …

· Audit Preparation

ISO 27701 Stage 1: what happens on the day, and what to have ready

ISO 27701 is an extension of ISO 27001, not a standalone privacy standard. That single fact shapes the entire Stage 1 audit. The auditor is not …

· Audit Preparation

ISO 27001 Stage 1: what happens on the day, and what to have ready

Stage 1 is the audit event that reveals whether the ISMS is real or theoretical. Stage 2 will test whether the controls actually work. Stage 1 tests …

· Standards

Integrated management systems: what genuinely integrates, what doesn't, and how to tell what you actually have

Ask three consultants to define an integrated management system and you will get three answers. The most common one is documentation-based: a shared …

· Implementation

Axlio ISO implementation roadmap

Implementing an ISO standard can feel complex at first, particularly if it is your organisation’s first certification. In practice the journey …

· ISO Guidance

What ISO 27001 certification really involves

If you are considering ISO 27001 certification, you have probably encountered plenty of marketing material promising quick and easy implementation. …

· ISO Guidance

ISO 27001 vs ISO 22301: what is the difference?

Two ISO standards come up regularly in conversations with Irish organisations: ISO 27001 (information security) and ISO 22301 (business continuity). …

· Audit Preparation

Common ISO 27001 audit findings, and how to avoid them

After supporting numerous ISO 27001 implementations and audits, we have noticed patterns in what auditors find. Here are the most common issues, and …

· Emerging Technology

AI and the collapsed barrier to entry for cybercrime

A decade ago, building a credible phishing email aimed at an Irish business meant either fluent English with familiarity with local business culture, …

· Audit Preparation

Preparing for an ISO 22301 audit: the questions auditors actually ask

An ISO 22301 certification audit is structurally similar to an ISO 27001 audit: a stage 1 documentation review, a stage 2 evidence walk-through, and …

· Audit Preparation

ISO 9001 Stage 1: what happens on the day, and what to have ready

ISO 9001 is the oldest ISO management-system standard still in wide use. First published in 1987, updated most recently in 2015, it is the standard …

· Compliance

The RoPA gap: what the DPC actually wants under Article 30, and where most organisations fall short

The Data Protection Commission has known for years that most organisations do not have a defensible Record of Processing Activities. In early 2022 the …

Ready to discuss your requirements?

Let's have a conversation about how we can help your organisation.

Let's talk