Safeguard
Tag

compliance

Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.

435 articles

Compliance

EU Cyber Resilience Act: Your SBOM Obligations

The EU Cyber Resilience Act makes SBOMs a legal requirement for products with digital elements sold in Europe. Here is what the regulation actually demands, when the deadlines hit, and how to prepare.

Feb 12, 20266 min read
Compliance

How to configure AWS Config for continuous compliance mon...

A step-by-step guide to configure AWS Config compliance monitoring: rules setup, conformance packs, alerting, remediation, and multi-account aggregation.

Feb 12, 20268 min read
Compliance

How to meet SOC 2 audit logging requirements

A step-by-step guide to meeting SOC 2 audit logging requirements: what to log, retention, access controls, alerting, and how to verify your controls before an audit.

Feb 12, 20268 min read
Compliance

Open Source License Management: Tools and Workflow

A practical breakdown of how mature engineering teams do license management open source style: scanning dependency trees, classifying license risk, and building a workflow that does not slow releases down.

Feb 11, 20266 min read
Compliance

EU Cyber Resilience Act Enforcement Timeline 2026

The EU Cyber Resilience Act is already biting in 2026. Here is the enforcement timeline manufacturers, integrators, and open source stewards need to internalize now.

Feb 11, 20268 min read
Standards

ISO/IEC 42001: AI Management Systems Reach Adoption Critical Mass

ISO/IEC 42001:2023 went from new-standard status to enterprise compliance benchmark in 2025, with major SaaS vendors certifying and the EU AI Act referencing it as a harmonized pathway.

Feb 10, 20267 min read
Compliance

NIS2 in Spain: The Delayed Transposition and Commission Reasoned Opinion

Spain's draft NIS2 law was approved by the Council of Ministers on 14 January 2025, but had not been published in the BOE by January 2026, triggering Commission action.

Feb 9, 20266 min read
Incident Analysis

How to set up an incident response plan

A practical guide to building an incident response plan for software supply chain security, with a ready-to-use playbook template and concrete detection steps.

Feb 9, 20268 min read
Cloud Security

How to set up AWS Organizations Service Control Policies

A practical, command-by-command guide to AWS Organizations SCP setup — from enabling policy types to real guardrail examples, rollout, and troubleshooting.

Feb 8, 20268 min read
Application Security

What is Secure by Default

Secure by default means software ships in its safest state out of the box. See real breaches, standards, and pledges driving this shift.

Feb 6, 20266 min read
AI Security

ISO 27001 Mapping: Griffin AI vs Mythos

ISO 27001 Annex A has 93 controls in the 2022 revision, each needing documented evidence. Griffin AI emits records that map cleanly. Mythos-class pure-LLM tools force control owners to narrate.

Feb 5, 20267 min read
Case Studies

Federal Agency FedRAMP Evidence Pack in 30 Days

An anonymized look at how a US federal civilian agency assembled a complete FedRAMP High supply chain evidence pack in 30 days using Safeguard.

Feb 5, 20267 min read
compliance (Page 25) — Safeguard Blog