Guides.
Reference and how-to content for compliance professionals. We publish guides slowly — only what we'd actually want a colleague to read.
The SOC 2 Vendor Monitoring Guide
What SOC 2 actually requires for ongoing vendor oversight, how auditors evaluate evidence, and a practical operating cadence.
The DPA Review Checklist
A working checklist for reviewing a vendor's Data Processing Agreement — what to verify, what to push back on, and what to live with.
GDPR Vendor Risk Assessment
A working framework for assessing and documenting vendor risk under GDPR — beyond questionnaires, into ongoing operational risk.
Subprocessor Management — A Practical Framework
How to track, evaluate, and respond to subprocessor changes across a vendor portfolio without drowning in noise.
Transfer Impact Assessment — A Working Guide
How to actually conduct and document a TIA without it becoming a multi-week consultancy engagement, plus what to do when the answer is "the residual risk is not acceptable."