Regulatory Compliance
In-depth guides and analysis on regulatory compliance from the Safeguard engineering team.
138 articles
SQL Injection Prevention in C# with Entity Framework/LINQ
EF Core's LINQ layer parameterizes queries by default, but FromSqlRaw, ExecuteSqlRaw, and dynamic sort columns still open real SQL injection risk in .NET apps.
ISO 27001:2022 Transition Deadline: The Approach
The October 31, 2025 ISO/IEC 27001:2022 transition deadline is weeks away. Here's what auditors will look for in Annex A controls, statements of applicability, and evidence packs.
The HIPAA Security Rule Update and Your Supply Chain
HHS's December 2024 NPRM rewrites the HIPAA Security Rule with explicit software supply chain, SBOM, and business associate controls set to take effect in 2025 and 2026.
EU NIS2 Directive: Enforcement at One Year
Twelve months after the NIS2 transposition deadline, enforcement is uneven, fines are real, and software supply chain obligations are starting to bite.
Governance Frameworks Emerging for AI-Assisted Software D...
NIST, ISO 42001, and the EU AI Act now shape how teams must govern AI-generated code. Here's what an AI code governance framework actually requires in practice.
Japan AMED Software Supply Chain Guidance Overview
Japan's AMED, METI, and PMDA guidance now converges on SBOMs and supply chain controls, reshaping how medical and industrial software is built, shipped, and maintained.
OWASP ASVS 5.0 Adoption Guide
OWASP ASVS 5.0 restructured the verification levels and added new requirements for modern stacks. A practical adoption guide for teams using ASVS as their security baseline.
Oracle Critical Control Baseline: Regulatory Impact
Oracle's February 2025 Critical Control Baseline for critical infrastructure customers reshapes SCRM obligations. Here's what legal and security teams must know.
FedRAMP Continuous Monitoring Automation Playbook
FedRAMP 20x demands real-time ConMon. Here's how to automate monthly POA&M, vulnerability deviation, and SBOM attestation without a 20-person team.
Canadian Cyber Centre Supply Chain Guidance
The CCCS's 2024-2025 supply chain guidance and Bill C-26 reshape Canada's expectations for SBOMs, vendor assurance, and protection of critical cyber systems.
DORA Operational Resilience: Software Implications
DORA became fully applicable January 17, 2025. Here's what Articles 6, 8, 28, and the ICT third-party RTS mean for the software you build, buy, and operate in the EU.
Digital Health HIPAA Supply Chain Intersection
Digital health startups collide with HIPAA obligations as soon as they touch clinical data. A regulatory map of the supply chain choke points.