Safeguard
Topic

Compliance

In-depth guides and analysis on compliance from the Safeguard engineering team.

254 articles

Compliance

How to meet SOC 2 audit logging requirements

A step-by-step guide to meeting SOC 2 audit logging requirements: what to log, retention, access controls, alerting, and how to verify your controls before an audit.

Feb 12, 20268 min read
Compliance

Open Source License Management: Tools and Workflow

A practical breakdown of how mature engineering teams do license management open source style: scanning dependency trees, classifying license risk, and building a workflow that does not slow releases down.

Feb 11, 20266 min read
Compliance

EU Cyber Resilience Act Enforcement Timeline 2026

The EU Cyber Resilience Act is already biting in 2026. Here is the enforcement timeline manufacturers, integrators, and open source stewards need to internalize now.

Feb 11, 20268 min read
Compliance

SOC 2 Cloud Compliance: A Practical Primer

SOC 2 cloud compliance means proving your cloud-hosted controls actually operate the way you say they do — here's what auditors check and how a cloud compliance platform shortens the path to a report.

Feb 10, 20265 min read
Compliance

NIS2 in Spain: The Delayed Transposition and Commission Reasoned Opinion

Spain's draft NIS2 law was approved by the Council of Ministers on 14 January 2025, but had not been published in the BOE by January 2026, triggering Commission action.

Feb 9, 20266 min read
Compliance

SEC Form 8-K Item 1.05: Two Years of Enforcement Lessons

Two years into mandatory cybersecurity incident disclosure, the SEC has issued comment letter sweeps and settled enforcement actions. Here is what filers got wrong.

Feb 4, 20266 min read
Compliance

Implementing the ISO 27001:2022 Revision in 2026

The transition window to the 2022 revision of ISO 27001 closed in October 2025. Here is what we have learned from helping organizations implement it cleanly.

Feb 4, 20265 min read
Compliance

SEC Cyber Incident Disclosure Rule: Year Two

Two years into Item 1.05 of Form 8-K, the SEC has clarified materiality, enforcement posture, and how Regulation S-K Item 106 cybersecurity narratives will be judged.

Feb 4, 20267 min read
Compliance

The Software Transparency Act of 2026: What It Means for the Industry

Proposed legislation would require SBOMs for all critical infrastructure software. Here's a detailed analysis of the bill and its implications.

Feb 1, 20266 min read
Compliance

What is Third-Party Risk Management

Third-party risk management explained: what it covers, why SolarWinds and MOVEit made it board-level, and how modern TPRM differs from supply chain security.

Jan 29, 20268 min read
Compliance

What is Vendor Risk Management

Vendor risk management now means tracking code-level supply chain risk, not just SOC 2 reports—here's what it covers, how to tier vendors, and what regulations require it.

Jan 29, 20267 min read
Compliance

CISA Secure by Design Pledge: Signatories in 2026

CISA's Secure by Design Pledge has crossed 300 signatories. Here is what the 2026 cohort is committing to, what regulators expect in return, and how to prove it.

Jan 28, 20267 min read
Compliance (Page 16) — Supply Chain Security Blog | Safeguard