Field notes
Notes from inside the audit
Practical, no-fluff writing on GRC frameworks and implementation — the kind of thing we wish existed when we started.
Jun 18, 2026 Jun 2, 2026
How to Build a Risk Register From Scratch
A step-by-step walkthrough for building your first information security risk register, with the columns and scoring logic auditors actually expect.
ISO 27001 vs. SOC 2: Which Should You Pursue First?
A practical comparison of ISO 27001 and SOC 2 for startups and small teams deciding where to start their compliance program.