NIS2 readiness
Check scope and score every risk-management measure.
Start ↗Practical, regulation-by-regulation guidance from the Regwolf compliance team — written for the people who have to operate the rules, not just read them.
Every guide is written by the compliance team that runs these frameworks day to day — not a content desk.
Organised by regulation — NIS2, AI Act, ISO 27001 and GDPR — with each obligation mapped to what you actually do.
Revised as guidance, deadlines and enforcement shift, so you read the rule as it stands today.
In-depth self-assessments for the regulations we cover — instant scorecard, no account needed, detailed PDF report.
Check scope and score every risk-management measure.
Start ↗Find your risk tier and score the obligations that apply.
Start ↗See how close you are to certification across the ISMS.
Start ↗Confirm how GDPR applies and score your accountability.
Start ↗How to operate NIS2, the AI Act, ISO 27001 and GDPR as one coordinated program instead of four parallel fire drills — from control mapping to a single audit-ready evidence layer.
A decision tree for NIS2 scope, sector by sector — and what each classification changes for your obligations.
What regulators expect in the early-warning notification, and how to build the workflow before you need it.
NIS2 puts accountability on leadership. Here is what directors are now expected to approve, oversee and evidence.
A practical walkthrough from prohibited to minimal risk, with the questions that actually determine the tier.
Annex IV translated into a checklist your engineering and compliance teams can actually ship against.
What you must disclose when you build on, or ship, a general-purpose model — and how to keep the records.
How to justify every Annex A control — and every exclusion — so your auditor never has to ask twice.
Run ISO 27001 and SOC 2 in parallel without collecting the same evidence twice or doubling the workload.
The evidence and meetings that make year-two and year-three audits routine instead of a scramble.
Move your RoPA from an annual scramble to a living register that updates as your systems change.
A step-by-step method for assessing high-risk processing — and documenting the decisions that justify it.
Why point-in-time audits miss drift, and how continuous testing keeps your posture honest between reviews.
No articles in this category yet.