Insights

The compliance knowledge base.

Practical articles on DPDPA, ISO 27001, GDPR, SOC 2, penetration testing, and everything else your security and compliance programme needs.

Browse by topic
The AI System Lifecycle Under ISO 42001: Stages and Gate Criteria
AI Governance | 14 min read | Apr 2026

Most organisations new to AI governance focus on the moment a model goes live. ISO 42001 forces attention much earlier and much later. A walk through the seven lifecycle stages, the gate criteria at each, and the implementation patterns that actually work in 2026.

ISO 42001 vs the EU AI Act: Certification vs Regulation
AI Governance | 13 min read

ISO 42001 and the EU AI Act are deeply complementary, but fundamentally different in nature, scope, and obligation. A clear-headed comparison — what each requires, where they diverge, and how they fit together for organisations exposed to both.

Apr 2026
What Is an AI Management System (AIMS) — And Why Your Organisation May Need One
AI Governance | 11 min read

Who is responsible for our AI? Where is the inventory? What are the controls? An AIMS is the structured answer. A ground-up explainer of what an AI Management System actually is, what it does, and who needs one in 2026.

Apr 2026
ISO 27001 for Indian IT Services and BPO: Meeting Client Procurement Requirements
ISO 27001 | 11 min read

The era when an ISO 27001 logo on a sales deck was enough to clear procurement is over. What enterprise clients actually want from Indian IT services and BPO firms in 2026 — the seven question categories, the common gaps, and how to position certification as a sales asset.

Apr 2026
Why Indian MSMEs Are Pursuing ISO 27001 in 2026 (And What's Driving Demand)
ISO 27001 | 10 min read

Six independent forces — DPDPA, procurement, global expansion, the 2022 reset, investor expectations, and a shifted incident landscape — are pushing Indian MSMEs to ISO 27001 simultaneously. Why the cost-benefit has tilted decisively in 2026.

Apr 2026
ISO 27001 Certification Timeline: How Long It Really Takes (With Realistic Milestones)
ISO 27001 | 12 min read

How long does ISO 27001 actually take in 2026? A month-by-month walkthrough of the ten phases, the factors that compress or extend each, and a realistic milestone plan for a 9-month first-time implementation.

Apr 2026
5 DPDPA Mistakes Indian SMBs Are Already Making
DPDPA | 9 min read

Eighteen months from full DPDPA enforcement, five mistakes keep showing up across Indian SMB compliance reviews — from 'we'll wait until enforcement begins' to 'no real grievance redressal'. None are unfixable. All are cheaper to address now than in 2027.

Apr 2026
DPDPA on a Startup Budget: The Minimum Viable Compliance Stack
DPDPA | 10 min read

There is a clear middle path between treating DPDPA as a problem for later and over-rotating into enterprise compliance overkill. The Minimum Viable Compliance stack — eight components, ₹35k–₹1.5L in direct cost, 60–100 hours of internal time.

Apr 2026
DPDPA for Indian MSMEs: Do Small Businesses Really Need to Comply?
DPDPA | 11 min read

The single most underappreciated fact about the DPDPA: there is no MSME exemption, no headcount threshold, no revenue floor. A grounded look at what the law actually demands of small Indian businesses, what compliance looks like at MSME scale, and the realistic consequences of doing nothing.

Apr 2026
ISO 42001 Explained: The World's First AI Management System Standard
AI Governance | 16 min read

ISO 42001 is the first international standard for an Artificial Intelligence Management System — and the only AI governance framework organisations can be formally certified against today. A ground-up explainer of what it is, who needs it, how it relates to the EU AI Act, and why 2026 is the decisive year for adoption.

Apr 2026
ISO 27001 Explained: What It Is, Who Needs It, and Why It Matters in 2026
ISO 27001 | 14 min read

ISO 27001 is the world's most widely recognised information security certification. A ground-up explainer of what it is, what it asks of an organisation, who genuinely benefits from pursuing it — and why demand has accelerated heading into 2026.

Apr 2026
DPDPA vs GDPR: 10 Key Differences Every Compliance Team Should Know
DPDPA | 12 min read

India's DPDPA is enforceable from May 2027 — and it isn't GDPR-lite. Here are the ten architectural differences that matter most when translating a GDPR programme to DPDPA, or building from scratch for the Indian market.

Apr 2026