iso-27001
Safeguard articles tagged "iso-27001" — guides, analysis, and best practices for software supply chain and application security.
31 articles
Security compliance frameworks cheat sheet: SOC 2, ISO 27001, PCI DSS, HIPAA
SOC 2, ISO 27001, PCI DSS 4.0, and HIPAA share roughly the same engineering controls — build them once and stop re-implementing access control four times.
ISO 27001 application security: the Annex A controls that govern your code
ISO/IEC 27001:2022 added and sharpened Annex A controls for secure development and technical vulnerabilities. Here's how they apply to application and supply chain security.
ISO 27001 vs SOC 2: Which Certification Matters More
ISO 27001 and SOC 2 answer different questions. Here's how to read both when vetting supply chain security vendors like Snyk and Safeguard.
ISO 27001 Annex A controls guide: the software and supplier set
ISO/IEC 27001:2022 restructured Annex A into 93 controls and added new ones for secure development and supply chain. Here is the subset that lands on engineering teams and how to evidence it.
ISO 27001/27002 mapping for application security controls
ISO 27001:2022 maps 10+ Annex A controls directly to secure development. Here's how to evidence them, and where SAST-only tools like Veracode fall short.
ISO 27001 and NIST Framework Alignment for Supply Chain V...
How ISO 27001:2022 and NIST's SSDF, SP 800-161, and CSF 2.0 converge on software supply chain vendors—and where CVE-only scanning tools leave compliance gaps.
SOC 2 Type II vs ISO 27001: what each certification actua...
SOC 2 Type II and ISO 27001 certify different things to different audiences. Here's what each actually covers, and how to evaluate supply chain vendors like JFrog and Safeguard on it.
ISO 27001 compliance for software development teams
ISO/IEC 27001:2022 audits now check 8 SDLC controls directly — SBOMs, vulnerability SLAs, and CI/CD evidence dev teams commonly get flagged on.
Cheat sheet: meeting security compliance standards
A concrete, numbers-first cheat sheet for SOC 2, ISO 27001, PCI DSS 4.0, and SBOM mandates — deadlines, timelines, and audit gaps that actually matter.
Does AI pentesting satisfy SOC 2, ISO 27001, HIPAA or PCI...
AI-powered pentesting promises fast compliance checkmarks, but SOC 2, ISO 27001, HIPAA, and PCI DSS 4.0 auditors require more than an automated scan report.
Cloud Security Standards & Frameworks (ISO/IEC, NIST, CIS)
ISO 27001:2022, NIST CSF 2.0, and CIS Benchmarks now expect software supply chain proof that cloud posture tools like Wiz can't provide alone. Here's what changed and why it matters.
Vanta vs Drata vs Built-In GRC: Where Compliance Should Live
The two compliance automation leaders are closer than their sales decks admit. The bigger question is whether compliance should live in a standalone tool at all.