Knowledge base

Security guides that make compliance make sense.

Q: Are these guides legal or security advice?

They are practical, evidence-backed explanations written by security and compliance practitioners to help you understand your obligations and act on them. For a formal opinion on your specific situation, pair them with qualified counsel - we are happy to work alongside yours.

Q: Do you keep my readiness self-assessment answers?

No. Each assessment runs entirely in your browser and scores live. Nothing is stored, sent or shared. If you want a documented assessment with evidence, that is what a scoping call is for.

Q: How do you keep the content current?

Every guide cites the source it draws from, shows a last-updated date, and is reviewed when regulations or guidance change.

Q: Why do you separate GDPR, NIS2 and DORA so strictly?

Because they cover different things and conflating them leads to scoping the wrong programme. GDPR is privacy law. NIS2 is cybersecurity risk management for in-scope sectors. DORA is operational resilience for financial entities. We map each precisely.

Plain-English, evidence-backed guides to phishing, GDPR, NIS2, DORA and ISO 27001 - written for the founders, CISOs and compliance leads of 50-200 person companies. No jargon walls, no scare tactics. Just what applies to you and what to do next.

Popular: Phishing GDPR NIS2 ISO 27001

Guides and growing, kept current

Frameworks mapped, never conflated

12m

Average read, start to finish

100%

Claims cited to the source

Featured guide

Start with the one most teams need first.

Phishing in 2026 and beyond

Modern phishing is identity and workflow compromise, not just a bad email. What changed, and the controls that actually stop it.

12 min read Foundational Updated Jun 2026 7 chapters

Why phishing is now identity and workflow compromise
The 2026 shifts: AI lures, adversary-in-the-middle, OAuth and QR
A modern defence built on phishing-resistant authentication
How to detect, respond and measure what actually matters

Read the guide Take the readiness check

PHISH

Inside this guide

Phishing is no longer just an email problem
The challenges defining 2026
Build a modern defence
Score your phishing resilience
Detect compromise earlier
Modern phishing incident response

Browse the library

Every guide, by framework.

5 guides

PHISH

Foundations

Phishing in 2026 and beyond

Modern phishing is identity and workflow compromise, not just a bad email. What changed, and the controls that actually stop it.

Foundational12 min

GDPR essentials for European SMEs

The regulation distilled to what a 50-200 person company actually has to do.

Coming soon

NIS2

NIS2 in plain English

Who is in scope, what essential vs important means, and the duties that follow.

Coming soon

DORA

DORA for financial entities

Digital operational resilience pillars, and how they differ from NIS2's remit.

Coming soon

ISO

ISO 27001

ISO 27001 foundations

Building an ISMS your auditor accepts and your team will actually maintain.

Coming soon

No guides match that search yet.

Questions

Before you dive in

Are these guides legal or security advice?

Do you keep my readiness self-assessment answers?

How do you keep the content current?

Why do you separate GDPR, NIS2 and DORA so strictly?

Reading is step one. We will handle the rest.

Bring us your readiness score and we will turn the gaps into a fixed-scope plan, with evidence your auditors trust and clarity your board understands.

Book a scoping call