Roadmap
SOC 2
Roadmap area for trust-service criteria, evidence mapping, and ISO/NIS2 crosswalks.
A compact framework tree for cybersecurity compliance guidance, controls, evidence, and templates.
Frameworks
Active
ISMS requirements, Annex A control domains, implementation guidance, evidence packs, and audit-ready templates.
Active
Implementation-oriented control guidance, attributes, mappings, and control interpretation references.
Active
Information security risk management notes and links between risk scenarios, controls, treatment, and evidence.
Active
EU personal-data protection requirements translated into processing decisions, engineering controls, operating evidence, and accountable governance.
Roadmap
Roadmap area for trust-service criteria, evidence mapping, and ISO/NIS2 crosswalks.
Roadmap
Roadmap area for EU NIS2 transposition tracking, entity scope, obligations, and ISO/SOC 2 mappings.
Default path
The first level is the framework. The second level is the domain: clauses, control families, implementation guides, evidence, templates, and risk crosswalks.
Start here for the ISMS model, Statement of Applicability, policy structure, roles, and core implementation concepts.
The management-system clauses that define context, leadership, planning, support, operations, evaluation, and improvement.
A.5 controls for governance, policies, suppliers, incidents, business continuity, legal requirements, and information handling.
A.6 controls for screening, employment terms, awareness, disciplinary process, termination, confidentiality, remote work, and reporting.
A.7 controls for physical perimeters, entry, secure areas, monitoring, environmental threats, equipment placement, and clear desk/screen.
Practitioner guidance for turning ISO requirements into implementation plans, operating artifacts, and control ownership.
Evidence packs, audit questions, implementation proof, registers, and records that help prove controls are operating.
Risk treatment, ISO 27005 links, GRC mappings, control relationships, and cross-framework translation notes.
Study notes and control distinction cues for ISO 27001, ISO 27002, and ISO 27005 learning paths.