Compliance
In-depth guides and analysis on compliance from the Safeguard engineering team.
254 articles
What is a Security Policy
A security policy is the documented, executive-approved rulebook auditors test against — here's what belongs in one, how often to review it, and what breaks when it isn't enforced.
DORA for Financial Services Software Supply Chain
How EU DORA is reshaping software supply chain expectations for financial services in 2026, with practical guidance on ICT third-party risk, SBOMs, and incident reporting.
What is a Security Risk Assessment
A security risk assessment ranks real business risk, not raw CVE counts. Here's what it involves, how often it's required, and how it differs from scanning.
What is Compliance Automation
Compliance automation replaces manual audit evidence with continuous, API-driven monitoring — here's how it works, which frameworks it covers, and why supply chain evidence changes the equation.
What is the OWASP Software Assurance Maturity Model (SAMM)
A concrete breakdown of OWASP SAMM's 5 functions, 15 practices, and 30 streams, how its maturity levels work, and how it compares to BSIMM.
SOC 2 Type II
What is SOC 2 Type II? A clear breakdown of the audit report, Trust Services Criteria, and how it differs from Type I — with real audit examples.
CIS Benchmarks
A precise definition of CIS Benchmarks, how they differ from CIS Controls, and what compliance scanning against them looks like in real environments.
Federal Software Procurement and SBOM Requirements: A Vendor's Playbook
If you sell software to the US government, SBOM requirements are now non-negotiable. Here's a practical playbook for compliance.
Cloud Security Compliance: Mapping Controls to Frameworks
Chasing SOC 2, ISO 27001, and PCI DSS as separate projects triples your audit workload. Build one control set, map it to every framework, and collect evidence once.
NIST SSDF Audit: What Auditors Actually Check
A practical walkthrough of what NIST Secure Software Development Framework audits look like in 2026, where evidence gaps show up, and how to prepare without burning out engineering.
EU Cyber Resilience Act: Your SBOM Obligations
The EU Cyber Resilience Act makes SBOMs a legal requirement for products with digital elements sold in Europe. Here is what the regulation actually demands, when the deadlines hit, and how to prepare.
How to configure AWS Config for continuous compliance mon...
A step-by-step guide to configure AWS Config compliance monitoring: rules setup, conformance packs, alerting, remediation, and multi-account aggregation.