Insights
Practical guidance on IT strategy, cybersecurity, and compliance — written by practitioners, not marketing teams.
ISO 27001 Is Now Mandatory for Türkiye's EV Charging Operators — A Practical Readiness Guide
Türkiye now requires CPO software and remote-access infrastructure to comply with TS ISO/IEC 27001. A calm, practical readiness path before the ~March 2027 deadline.
Read articleCyber Essentials in 2026: What the New Danzell Question Set Means for Your Renewal
Cyber Essentials moved to the new Danzell question set on 26 April 2026. Here's the five-day fix window, AI tools in scope, passkeys, and what your renewal now needs.
EU AI Act high-risk deadline pushed to late 2027 — what the Digital Omnibus actually means for your business
The EU AI Act's high-risk rules just moved from August 2026 to around December 2027. Here's what changed, what didn't, and why you shouldn't down tools.
No Patch, Live Attacks: What the Exchange Zero-Day and 18-Year-Old NGINX CVE Mean For Your Business
On 21 May 2026, three serious CVEs landed inside 24 hours: an Exchange zero-day with no patch, an 18-year-old NGINX flaw (found by AI), and Cisco SD-WAN's sixth zero-day of the year. UK GDPR, NIS2, EU AI Act, and KVKK perspective on what they mean for your business.
MOVEit Hit Again, CISA Said Isolate: The Compound Lesson UK Mid-Market Cannot Ignore in 2026
CVE-2026-5174 in MOVEit Automation and the CISA isolation-first directive land in the same week. For UK SMEs and charities, the message is one: breach is inevitable, isolation and recovery readiness are not.
Cyber Essentials v3.3 (28 April 2026): The MFA Mandate UK SMEs Cannot Defer
IASME shipped Cyber Essentials v3.3 on 27 April 2026. The single biggest change: MFA mandatory across every cloud service in the boundary. Here is the 14-day prep checklist designed for UK SMEs renewing this year.
SailPoint GitHub Breach: 3 Identity-Management Lessons for UK SMEs
On 20 April 2026 SailPoint disclosed a GitHub source-code repository exposure. The incident has lessons for every UK SME — particularly those that rely on identity providers as supply-chain dependencies. Three control gaps need attention this quarter.
UK SME NIS2 Compliance: Complete Implementation Guide 2026
UK SMEs in our analysis framework are not directly in scope for NIS2 — but they are in scope through their customers' supply chains. This guide gives an IT director or compliance officer in a 50-250-person UK business a complete, practical roadmap to NIS2 compliance: scope determination, Annex I cybersecurity measures, Article 21 governance, Article 23 reporting, supply chain controls, and a 12-month implementation plan.
Broadcom Alternatives 2026: Migration Guide & Decision Matrix
Broadcom's VMware acquisition ended perpetual licensing in February 2024, forcing organisations to reassess their infrastructure strategy. This guide covers the leading alternatives, transition costs, and a decision matrix for UK and EU organisations.
IASME Cyber Essentials: The UK Certification Guide 2026
IASME is the NCSC's official Cyber Essentials delivery partner, administering certification for over 215,000 UK organisations. This guide covers all five controls, CE versus CE Plus, certification costs, and the key changes for 2026.
Competitor Analysis Tools for UK SMEs in 2026: What Actually Works
Most "competitor analysis tools" are dashboards full of vanity metrics. This guide covers the four practical signals that actually inform UK SME strategic decisions, the tools that surface them, and the manual workflow that beats most paid platforms.
IT Audit Services for London SMEs in 2026: A Buyer's Guide
What an IT audit actually delivers, what it does not, and how London SMEs select an auditor proportionate to size, sector and regulatory profile. Covers Cyber Essentials, ISO 27001, NIS2 supply-chain assurance and FCA Operational Resilience.
The 2026 Digital Transformation Maturity Model: Where Are You?
A four-tier digital-transformation maturity model that separates organisations who have a digital strategy from organisations whose strategy is digital. Covers the eight scoring dimensions, the typical 12-month investment to move up a tier, and what actually progresses you.
EU AI Act Article 4 AI Literacy: What "Reasonable Measures" Actually Look Like
EU AI Act Article 4 has been live since 2 February 2025 and is the most-overlooked obligation in the regulation. This guide explains what "reasonable measures" mean, what evidence regulators expect, and how SMEs satisfy the obligation pragmatically in 2026.
How to Build an AI System Register: EU AI Act + ISO 42001 + NIST AI RMF
A practical guide to building a multi-framework AI system register for SMEs. Covers EU AI Act risk classification, ISO/IEC 42001:2023 alignment, NIST AI RMF posture and the ICO AI auditing framework — and the pitfalls that destroy AI-inventory programmes.
Business Continuity Plans Under ISO 22301 and NIS2 Article 21(c): A 2026 SME Guide
A practical guide to building an audit-ready business continuity plan for a UK or EU SME. Covers Business Impact Analysis, RTO/RPO targets, NIS2 Article 21(c) compliance, ISO 22301 clause mapping, and the four mistakes that destroy SME BCPs.
AI-Generated ISO 27001 and NIS2 Policies: A 2026 SME Guide
Twelve compliance policies you actually need under ISO 27001:2022 and the NIS2 Directive — with a practical method to draft them in minutes rather than weeks. Includes the seven sections every audit-ready policy must have.
Vulnerability Scanning for UK SMEs in 2026: A Practical Buying Guide
What "vulnerability scanning" actually buys you, what it does not, and how UK SMEs without a dedicated security team set up a credible programme without enterprise-tier budgets. Covers Cyber Essentials, Cyber Insurance and NIS2 supply-chain expectations.
NIS2 ve Turk KOBİ'ler: AB'ye Ihracat Yapiyorsaniz Ne Yapmalisiniz?
NIS2 Direktifi Turk sirketleri icin zorunlu degil — ama AB tedarikcisi veya musterisi varsa dolayli olarak etkiliyor.
Ingiltere'de Sirketin Var mi? Companies House Guvenlik Acigi Seni Etkiliyor
Mart 2026 Companies House ciddi bir guvenlik acigini kamuoyuyla paylasti. UK sirketleri icin kritik bilgiler.
Cyber Insurance in 2026: What UK SMEs Actually Need to Know
Insurers are demanding stronger controls. Here is what they check and how to qualify.
Cyber Insurance in 2026: What UK SMEs Actually Need to Know
Cyber insurance premiums are rising. Insurers are demanding stronger technical controls. Here's what they actually check — and how to get coverage without overpaying.
Escaping Broadcom: Why UK SMEs Are Moving from VMware to Proxmox
Broadcom's VMware acquisition triggered price increases of 300-500% for many SMEs. Here's why Proxmox has become the go-to alternative.
NIS2 Compliance Guide for UK SMEs: What You Need to Know in 2026
The NIS2 Directive is now in force across the EU. UK companies with EU operations or customers need to act now. Here's what it means, who's affected, and what to do first.
Compliance updates, weekly
UK & EU regulatory changes, NIS2 enforcement updates, AI Act milestones — distilled into one short email per week. No spam.
Subscribe — it's free