audit
Safeguard articles tagged "audit" — guides, analysis, and best practices for software supply chain and application security.
24 articles
SOC 2 Compliance FAQ: Trust Services Criteria, Type II, and Evidence
A precise FAQ on SOC 2 in 2026 — what it is, Type I vs Type II, the five Trust Services Criteria, observation periods, who performs the audit, and the evidence auditors actually test.
Safeguard Is Now a Connector in Claude: Continuous Compliance Monitoring for Enterprise AI
Connect Safeguard to Claude Enterprise and Claude Platform to turn Claude activity logs into real-time AI compliance monitoring, audit-ready SOC 2 / NIST / PCI-DSS evidence, and policy enforcement — activity logs only, never conversation content.
npm package signature verification: the 2026 rollout state
Every package on npm is signed by the registry, but the actual posture of install-time signature verification across real-world tooling is patchier than the headline suggests. This is where npm audit signatures and downstream verifiers stand in 2026.
Audit Prep: Month To Week With Continuous Evidence
Replace last-minute audit scrambles with continuously generated supply chain evidence. Learn how compliance teams compress preparation timelines from weeks to days.
SOC 2 Control Mapping With Supply Chain Evidence
Map SOC 2 Trust Services Criteria to concrete supply chain artifacts. Learn how SBOMs, findings, and policy logs satisfy CC controls without manual gymnastics.
EU CRA Self-Assessment Evidence Pack
Build a Cyber Resilience Act self-assessment pack from supply chain evidence. Learn which artifacts CRA expects and how to produce them without rebuilding your stack.
Using Reachability To Defend SOC 2 Audit Decisions
An auditor asks why you didn't fix CVE-X. The defensible answer involves reachability evidence. Without it, the conversation gets uncomfortable.
PCI DSS 4.0 Software Security Evidence Flow
PCI DSS 4.0 raises the bar for software security and supplier oversight. Learn how to satisfy Requirement 6 and 12.8 with continuous supply chain evidence.
FedRAMP Continuous Monitoring: Supply Chain Controls
FedRAMP's continuous monitoring requirements now include supply chain risk. Learn how to produce monthly evidence aligned with NIST SP 800-161 controls.
ISO 27001:2022 Aligned Supply Chain Program
ISO 27001:2022 added explicit supply chain controls in Annex A. Learn how to build a program that satisfies A.5.19 through A.5.23 with continuous evidence.
HIPAA Supply Chain Evidence For Business Associates
HIPAA Security Rule expectations now reach into the software supply chain. Learn how Business Associates can produce evidence that satisfies OCR scrutiny.
CI/CD Audit Pipeline Checklist 2026
An auditor's checklist for CI/CD pipelines in 2026 covering build provenance, secret management, runner isolation, and the evidence to collect for SOC 2 and FedRAMP.