compliance
Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.
435 articles
FedRAMP 20x and Continuous Compliance for Software Vendors
FedRAMP 20x replaces document-heavy review with machine-verifiable assertions. SBOMs and runtime evidence become first-class authorization artifacts.
SBOMs in Healthcare: Patient Safety Meets Software Transparency
Healthcare organizations face unique SBOM challenges driven by FDA requirements, device lifecycles, and patient safety stakes.
SOC 2 readiness assessment guide
What a SOC 2 readiness assessment actually covers, how long it takes, what it costs, and where supply chain risk fits in alongside tools like Drata.
Who needs SOC 2 compliance? A breakdown by company stage/...
SOC 2 isn't legally required, but it's now a deal-blocker as early as seed stage. Here's a stage-by-stage, industry-by-industry breakdown of who actually needs it.
How to choose the right SOC 2 audit firm / auditor
Drata and similar platforms automate SOC 2 readiness, but they can't issue your audit report. Here's a concrete framework for vetting the CPA firm that actually can.
The Complete SBOM Compliance Guide for 2026
Everything you need to know about SBOM requirements under EO 14028, NIST SSDF, and emerging global regulations.
SOC 2 for startups: what founders need to know
A practical guide to SOC 2 timelines, costs, and audit failures for startups—and why compliance automation alone won't cover software supply chain risk.
AI-BOM And EU AI Act Article 10 Data Governance
Article 10 turns training data governance into a legal obligation. AI-BOM is how you prove it. A practical mapping of what the regulation expects to what the artefact captures.
HIPAA Supply Chain Evidence For Business Associates
HIPAA Security Rule expectations now reach into the software supply chain. Learn how Business Associates can produce evidence that satisfies OCR scrutiny.
SEC Cyber Disclosure Rules: Year Two
A senior engineer's view of the second-year impact of SEC cybersecurity disclosure rules, what filings actually look like, and where supply chain risk fits in.
CI/CD Audit Pipeline Checklist 2026
An auditor's checklist for CI/CD pipelines in 2026 covering build provenance, secret management, runner isolation, and the evidence to collect for SOC 2 and FedRAMP.
CMMC Level 3 Software Supply Chain Checklist 2026
A senior engineer's CMMC Level 3 checklist focused on software supply chain: SBOM, SC-SR controls, SSP evidence, and the operational gaps most defense contractors still have.