Safeguard
Tag

iso-27001

Safeguard articles tagged "iso-27001" — guides, analysis, and best practices for software supply chain and application security.

31 articles

Compliance & Frameworks

Security compliance frameworks cheat sheet: SOC 2, ISO 27001, PCI DSS, HIPAA

SOC 2, ISO 27001, PCI DSS 4.0, and HIPAA share roughly the same engineering controls — build them once and stop re-implementing access control four times.

Jul 13, 20267 min read
Compliance

ISO 27001 application security: the Annex A controls that govern your code

ISO/IEC 27001:2022 added and sharpened Annex A controls for secure development and technical vulnerabilities. Here's how they apply to application and supply chain security.

Jul 7, 20265 min read
Compliance

ISO 27001 vs SOC 2: Which Certification Matters More

ISO 27001 and SOC 2 answer different questions. Here's how to read both when vetting supply chain security vendors like Snyk and Safeguard.

Jul 6, 20269 min read
Compliance

ISO 27001 Annex A controls guide: the software and supplier set

ISO/IEC 27001:2022 restructured Annex A into 93 controls and added new ones for secure development and supply chain. Here is the subset that lands on engineering teams and how to evidence it.

Jul 3, 20266 min read
Compliance

ISO 27001/27002 mapping for application security controls

ISO 27001:2022 maps 10+ Annex A controls directly to secure development. Here's how to evidence them, and where SAST-only tools like Veracode fall short.

Jun 17, 20267 min read
Compliance

ISO 27001 and NIST Framework Alignment for Supply Chain V...

How ISO 27001:2022 and NIST's SSDF, SP 800-161, and CSF 2.0 converge on software supply chain vendors—and where CVE-only scanning tools leave compliance gaps.

Jun 6, 20267 min read
Compliance

SOC 2 Type II vs ISO 27001: what each certification actua...

SOC 2 Type II and ISO 27001 certify different things to different audiences. Here's what each actually covers, and how to evaluate supply chain vendors like JFrog and Safeguard on it.

Jun 1, 20268 min read
Compliance

ISO 27001 compliance for software development teams

ISO/IEC 27001:2022 audits now check 8 SDLC controls directly — SBOMs, vulnerability SLAs, and CI/CD evidence dev teams commonly get flagged on.

May 13, 20268 min read
Compliance

Cheat sheet: meeting security compliance standards

A concrete, numbers-first cheat sheet for SOC 2, ISO 27001, PCI DSS 4.0, and SBOM mandates — deadlines, timelines, and audit gaps that actually matter.

May 12, 20267 min read
Compliance

Does AI pentesting satisfy SOC 2, ISO 27001, HIPAA or PCI...

AI-powered pentesting promises fast compliance checkmarks, but SOC 2, ISO 27001, HIPAA, and PCI DSS 4.0 auditors require more than an automated scan report.

May 4, 20267 min read
Compliance

Cloud Security Standards & Frameworks (ISO/IEC, NIST, CIS)

ISO 27001:2022, NIST CSF 2.0, and CIS Benchmarks now expect software supply chain proof that cloud posture tools like Wiz can't provide alone. Here's what changed and why it matters.

Apr 19, 20268 min read
Comparisons

Vanta vs Drata vs Built-In GRC: Where Compliance Should Live

The two compliance automation leaders are closer than their sales decks admit. The bigger question is whether compliance should live in a standalone tool at all.

Apr 8, 20266 min read
iso-27001 — Safeguard Blog