Insights
Practical guidance on compliance, information security, and risk management.
Thoughts on compliance, security, and the practicalities of building robust management systems. All written in plain English, focused on what actually matters.
Mandatory AI literacy under the EU AI Act: what Article 4 requires
Article 4 of the EU AI Act has been in force since 2 February 2025. It requires every organisation that uses AI systems, not just those that build …
Internal audit across management system standards: clause 9.2 in practice
Every ISO management system standard requires an internal audit programme. Clause 9.2 is effectively identical across ISO 27001, ISO 22301, ISO 27701, …
IEEE 802.11bf: Wi-Fi sensing as opportunity and threat
IEEE 802.11bf, published on 26 September 2025, is an amendment to the 802.11 family that turns Wi-Fi into a sensing platform. By analysing how radio …
Five recurring themes in ISO 27001 audit findings
An OFI, Opportunity for Improvement, is an audit observation that does not constitute a nonconformity but signals room for the ISMS to mature. They …
Preparing for ISO 42001 certification: a practical roadmap
ISO 42001 has gone from a curiosity to a real certification programme remarkably quickly. Published in December 2023, it is the first international …
$25 million and a video call: what the Arup deepfake scam changed
In January 2024, a finance worker at the Hong Kong office of Arup, the British multinational engineering consultancy responsible for the Sydney Opera …
Past the vanity metrics: measuring security that actually matters
A security leader recently shared a thought on LinkedIn that has stayed with us. “Most security dashboards look impressive. Green metrics. Clean …
Lessons from recent cyberattacks: what they tell us about resilience
When ticketing systems went down at one of Europe’s largest rail operators earlier this year, millions of passengers found themselves staring at …
Axlio ISO implementation roadmap
Implementing an ISO standard can feel complex at first, particularly if it is your organisation’s first certification. In practice the journey …
What ISO 27001 certification really involves
If you are considering ISO 27001 certification, you have probably encountered plenty of marketing material promising quick and easy implementation. …
ISO 27001 vs ISO 22301: what is the difference?
Two ISO standards come up regularly in conversations with Irish organisations: ISO 27001 (information security) and ISO 22301 (business continuity). …
Common ISO 27001 audit findings, and how to avoid them
After supporting numerous ISO 27001 implementations and audits, we have noticed patterns in what auditors find. Here are the most common issues, and …
AI and the collapsed barrier to entry for cybercrime
A decade ago, building a credible phishing email aimed at an Irish business meant either fluent English with familiarity with local business culture, …
Preparing for an ISO 22301 audit: the questions auditors actually ask
An ISO 22301 certification audit is structurally similar to an ISO 27001 audit: a stage 1 documentation review, a stage 2 evidence walk-through, and …