Why Regulatory Uncertainty is the Best Reason to Adopt ISO 42001 Now
The EU AI Act’s high-risk rules are legally slated for August 2026, but proposed amendments could push them to late 2027. For the unprepared, this ...
ISMS.online Blog
Compliance Matters
Keeping you up-to-date on the world of information security and compliance.
Flying High: The EU Aviation Safety Agency’s Part-IS Rules Explained
The new European Union Aviation Safety Agency’s Part-IS rules have come into place, expanding cybersecurity obligations across the civil avia...
IO Ranked G2 Grid Leader in Governance, Risk and Compliance for Spring 2026
We’re delighted to share that ISMS.online (IO) has been named a Leader in the G2 Grid® Reports for Spring 2026. We achieved ten badges in the Sprin...
Neurodiversity Celebration Week: Bringing Awareness to Action
As we enter Neurodiversity Celebration Week it is important that we consider why this week matters. For many people, it is an opportunity to spread...
The NCSC Wants Critical Infrastructure to “Act Now”: What Does That Mean?
The UK’s critical national infrastructure (CNI) providers are on notice. The National Cyber Security Centre (NCSC) has been ramping up its rhetoric...
A Smarter, Cleaner IO: The UX Improvements Making Compliance Work Easier Every Day
Great software should feel effortless. It should get out of your way, guide you naturally through your work, and make even the most complex tasks f...
US Cyber Agreements Withdrawal Signals Corporate Risk
Recent actions by the US administration make multilateral cybersecurity coordination between that government and others less certain in the future....
A Key EU AI Act Deadline Is Approaching: Here’s What Businesses Need to Know
The EU’s AI Act is reaching the final stage in its tortuously long journey from legislative proposal to enforceable law. It’s been a long time comi...
Stay ahead of the headlines with the IO newsletter
Get a monthly round-up of all the information, privacy and cyber security news direct to your inbox.
UK Financial Services Firms Are Still Failing the Basics, the BoE Warns
The UK’s financial services sector punches well above its weight. London is a close second to New York as the world’s preeminent financial hub and ...
Pay the Ransom or Not? Government Considerations on Paying a Way Out of Cybercrime
The past year has seen two UK legislative proposals focused on the issue of ransomware payments by British businesses. This focus from the UK gover...
EU Digital Omnibus Bill: Joined-up Compliance on the Agenda
The EU has introduced a new Digital Omnibus Bill designed to streamline data protection, cybersecurity and AI regulation. How can organisations ens...
Why Do GDPR Fines Keep Rising?
General Data Protection Regulation fines continue to increase as European regulators toughen their response to data incidents. According to the GDP...
DXS International Breach: Lessons Learned for Healthcare
As high-stakes incidents in the healthcare sector surge, organisations must learn to manage information security, data protection and AI risk as a ...
What the LastPass Breach Tells Us About Compliance in 2026
The GDPR was always meant to be vague. By not listing prescriptive technical controls – as, for example, PCI DSS does – the regulation does a bette...
Is the Government’s Cyber Action Plan Fit for Purpose?
It’s not often the government admits it was wrong. Yet at the start of the year, we were treated to a rare mea culpa: a recognition that a previous...
The Biggest AI Governance Challenges in 2026
This year’s Safer Internet Day theme, smart tech, safe choices – exploring the safe and responsible use of AI, stresses the importance of responsib...
Why Regulators And Investors Expect Companies To Address a Triple Risk
Organizations fret about security and privacy risk. And more recently, they’ve paid attention to AI risk. But how often do they think of all ...
