
Zero Trust Security Model: A Step-by-Step Guide
Did you know that (according to IBM) “the average cost of a ransomware attack is about $4.54 million, not including the cost of the ransom itself”? That’s because, as the digital landscape evolves, traditional security measures are no longer sufficient to protect sensitive data and networks. Cyber threats are becoming

10 Ways to Protect Your SaaS Business from Ransomware Attacks
According to Wired.co.uk, “…victims have paid ransomware groups $449.1 million in the first six months of this year…If this year’s pace of payments continues … the total figure for 2023 could hit $898.6 million. This would make 2023 the second biggest year for ransomware revenue after 2021”. Corvus Insurance Discover

Compleye Employs Full-Time Commercial Director, Heikki Erola
Entrepreneur, startup founder & SaaS builder, Heikki Erola, joins Compleye as Director of Commerce. Where’d he come from? Born and bred in Finland, Compleye’s new Director of Commerce has lived in a number of countries and now resides in Barcelona. An entrepreneur, Heikki has been working in software and in

A Quick Guide to SOC2, ISO 27001, and ISO 9001 Frameworks
In today’s digital era, maintaining security, quality, and efficiency is paramount for any organization. To help businesses meet these standards, several frameworks have been introduced. Three of the most well-recognized ones are SOC2, ISO 27001, and ISO 9001. This post will provide a brief overview of each, followed by a

Essential Privacy and Security Measures for Company Computer Use
With cyber threats evolving rapidly and data breaches becoming increasingly common, organizations cannot afford to neglect these essential aspects of their operations. Here’s a quick guide to the primary privacy and security measures all companies should implement for their computer use. Make sure you can check off all these measures

What is Compliance Management?
It might sound simple, but it’s strangely not that easy to accurately define compliance management, or for that matter, explain the importance of compliance management and how it enhances your information security posture. Let’s take some time to do just that and to look at key examples of compliance management

Understanding ISO 9001: Who Needs it and why it’s Crucial for Your Business
A Quality Management System (QMS) is a vital component of any business wanting to ensure customer satisfaction by delivering high quality products or services to their clientele. But how do you keep track of quality and how do you ensure consistent quality throughout your organisation? The answer – ISO 9001.

ISO 27001 Risk Assessment for your ISMS: 7 Examples to get you Started
In today’s digital age, businesses are constantly faced with potential risks and threats to their information security – hazards that could have dire financial consequences. In fact, according to a report by IBM, the average cost of a data breach in 2022, in the USA, was $9.44 million. To ensure

ISO27001 KPIs – 10 prime examples you should track
When it comes to ISO27001 it’s vital that you keep track of your ISMS’s effectiveness. Although ISO27001 doesn’t give exact KPIs or provide an outline of how to track your ISMS’s effectiveness, it’s important to regularly evaluate the performance of your security measures. To make life a little bit easier,

The Risks of Using AI Tools like ChatGPT in ISO 27001 Compliance: What To Look Out For
Love it or hate it, ChatGPT, and in fact, AI (Artificial Intelligence) in general is here to stay. All those in favour say AI should be seen as a tool that can be used to make organisations and individuals more efficient, while all those against wonder if we are falling

ISO 27001:2022 The transition
The ISO 27001:2022 transition audit. The phrase strikes fear into the hearts of many tech startups who have already been diligent enough to obtain their ISO 27001:2013 certification. But, fear not. If you’re already certified with ISO 27001:2013, that certification is still valid until the end of your certification cycle

The Essential ISO 27001 Internal Audit Checklist (+ FREE Template)
As part of your ISO 27001 certification process, you’ll need to conduct an ISO 27001 internal audit to ensure that your Information Security Management System (ISMS) meets all of the ISO 27001 standard’s requirements.

Complete Checklist For ISO 27001 Compliance (2023)
Becoming ISO 27001 certified is a sure-fire way for startups to grow their client base, increase earnings and enforce safety and security. But, attaining your ISO 27001 certification can be complex and overwhelming.

Funding stages, Startups and Compliance
Starting a business can be an exciting but challenging journey, and funding is one of the most crucial aspects that founders need to consider.

Startup Compliance: the why, what and who
At Compleye, we understand the startup journey. We know your path is different to that of a big corporate. In this article we’ll look at why compliance for startups can be more challenging than compliance for corporates. We’ll take a look at the common mistakes that startups make when it

10 ISO 27001 Non-Conformance Examples, Both Minor and Major
In this article, we take a look at what non-conformance means, the difference between a major and a minor non-conformance, how to avoid and correct non-conformities, and we examine ten ISO 27001 non-conformance examples.

ISO 27001 vs. NIST Cybersecurity Framework: What’s The Difference?
It’s vital to understand the difference between ISO 27001 and NIST CSF before deciding which one to go for. We explain the difference in detail.

ISO 27001 vs. SOC 2: What’s The Difference?
It’s vital to understand the difference between SOC 2 and ISO 27001 before deciding which one to go for. We explain the difference in detail.

Compleye Employs CTO, William Hurst
South African-born entrepreneur turned CTO, William Hurst joined Compleye in October 2022. Where’s he from? With an entrepreneurial, rather than an academic, brain, William started (and quickly ended) his studies at Stellenbosch University in the early 2000s, leaving to explore the exciting world of software engineering and coding. Once

How to Write an ISO 27001 Scope Statement (+3 Examples)
In this scope statement guide, we tell you the what, how and why of writing an ISO 27001 scope statement.

Top 10 ISO 27001 Certification Software Tools (2023)
To help you get your ISO 27001 certification, we’ve put together a list of the best ISO 27001 certification software tools out there.

What are the Mandatory Documents Needed for ISO 27001?
The list of documented information for ISO 27001 certification is a lengthy one. However, not all of the documentation is mandatory and your auditor is not necessarily going to want to scrutinise everything you’ve compiled. But, as we always say, better safe, secure and certified than sorry. We’ve compiled a

The costs of: ISO 27001 Certification
In this article, we’ll tell you why ISO 27001 certification is worth it, and we’ll show you which costs you can expect.

What is ISO 27001?
We are going to be very short and simple with this article, just how we think compliance should be, and that is exactly what we do at Compleye: making it simple! Let’s go over the most asked question about ISO 27001: What is ISO 27001? It is an international standard

ISO 27001 Certification: Common pitfalls
Let us break it down for you. The ISO 27001 certification is not a walk in the park, and its challenges are not like riding a bike. Challenges will arise, and when challenges arise, mistakes are there to be made. Mistakes, though, are proof that you’re trying. Just make

Security Data Training
Becoming aware of the need for security data training. Small mistakes can have large consequences. It just takes one innocent employee accidentally clicking on the malicious attachment in a phishing email for a company’s device to get infected with malware that leads to sensitive information ending up in criminal hands. So

It’s Internal Audit time
If you are a fanatic – or less fanatic – reader of our articles, you will probably know the importance of ensuring information security and regulatory compliance by now. Therefore, evaluating performances and managing risks in that area is highly crucial for organisations. Are we making progress towards our compliance

The number of ISO standards – it’s a numbers game
If you have been following Compleye for quite some time now – good on you – ISO 27001 is a term that you won’t be unfamiliar with. Question is whether you know that ISO 27001 has some brothers and sisters in the ISO-family. Well, some… Let’s actually make that a

What are the internet cookies
Cookies. The ones we occasionally crave, that smell like our childhood home, tend to make us very happy. Internet cookies or digital cookies, however, operate a little differently. The biggest difference? We can’t consume them. Though, you can wholeheartedly leave that up to your browser. Let’s be honest. All internet creatures,

The DPO and PO: their differences
You’re probably getting used to us spelling out important industry abbreviations by now. No worries, we have more in store for you today. We are going to tell you about the DPO and the PO – and their differences – within organisations. So, let’s go and dive into

Top 3 tips for Privacy/GDPR frameworks
As data protection and privacy become a higher corporate priority, compliance and risk professionals would be wise to leverage frameworks regarding privacy. Since we are both compliance professionals and wise, we will provide you with 3 things that anyone should focus on when implementing ISO27001. Focus on Privacy and GDPR.

Not so fine GDPR fines
Fines. Charges. Penalties. Many will consider these (and similar) words to be negative, mood-killing, or even terrifying. The number and the size of the fines that are imposed regarding the GDPR, the General Data Protection Regulation, are just that. Don’t worry, this article is not your next horror story. We

Privacy Policy : The ultimate checklist
Have you decided that it’s time to revise your privacy policy? Are you busy with starting a new business? Have you recently launched a website or application? Or have you expanded into new markets and territories? Good for you! It might not be the most thrilling part of your work, but

Passing passwords
People and passwords. Our love-hate relationship is not that strange, since – in our busy lives – it’s something else to remember and something else to forget. Therefore, at the convenience end of the scale, you can use the same password for everything; from your bank account to a cooking

SOC 2, who?
Today is a great day for abbreviations, don’t you think? Great, let’s go. The American Institute of Certified Public Accountants (AICPA) introduced the System and Organization Controls (SOC). This is the name of one of the more common compliance requirements that (tech) companies should meet today based on the Trust

How to: Noticing phishing emails
Emails. Just like they can be either formal or informal and personal or general, they can be either real or false. We know these false emails as phishing emails. Phishing, unfortunately, is not a new phenomenon. It has been the most common attack vector for cybercriminals for a number

Start-ups and compliance: why you should start after all
Hey, busy worker. We totally understand that, as a start-up founder or employee within a brand new company, you are dealing with a lot of stuff. You are (contributing to) building everything from the ground, which deserves a big round of applause. Though, being that busy can lead to losing

When does one talk about a data breach?
Any idea where the sensitive data within your company goes? Where the medical patient records, the identity information of clients and employees or the lists with contact and payment details end up? Data breaches are a growing trend. Not the type of trend that is fun, like trends in clothes,

TNW Amsterdam, here we come!
Meetings, pitch, demo, coffee, repeat. If that doesn’t sound like music to our ears, we don’t know what will. Luckily, this is exactly what the 16th and 17th of June entails for the team of Compleye, when we will be present at TNW conference in Amsterdam with our very own

Just a little about Compleye
When Compleye’s CEO Karolin started to be busy with the topics of security, privacy and quality, she was searching for like-minded people who would be able to break out of the fixed patterns and the set old ways of compliance. She didn’t necessarily search for developers – she sought people

The GDPR policy – Compleye’s advisory advice
The GDPR policy – yet another abbreviation to keep in mind. Please do. The General Data Protection Regulation is super important, since it governs the way in which personal data (yes, also yours) is gathered and handled in the European Union. Long story short: it tells you about your rights. Quite an

Why did we decide to create DIY Compliance Tool?
What if we tell you that you can start with your business’ compliance matters all by yourself? Yes, you’re reading it correctly: use your rookie-level knowledge and tackle them without compliance officers or whizz-kids. Please say hi to the DIY Compliance Tool within the online platform of Compleye. Do

Compleye’s Startupper: Overview never felt so good
If we’d ask you how many tools your company is using, could you name them? Which subscriptions are monthly and annually billed from your bank account? Any idea which people have access to every single one of your business’ 3000 excel files? You probably didn’t even know that there were

Cyber securing your company without the ISO27001 certification: 5 tactical tips
ISO27001 certification. You have probably heard the term by now, whether you own a business, you’re employed, or you have read earlier articles by Compleye. In the latter case, kudos! ISO27001 is the international standard that specifically deals with information security management. Is the certification convenient? Undeniably. Is it mandatory or

Our ISO27001 certification approach, makes it almost fun!
How is your ISO27001 certification working out for you? There is a reasonable chance that collecting all the necessary documentation makes you want to throw your PC out of the window. Don’t. Compleye is here to the rescue. “Making compliance almost fun” is one of our quotes for a reason.

The X-Ray is your Compliance Start!
“X-ray noun [eks-rei] – a type of radiation that can go through many solid substances, allowing hidden objects such as bones and organs in the body to be photographed”. Don’t worry, we are not going to examine the internal composition of your body. Though, we will do this to your business. Truth or dare?

Keen on Lean: Compleye’s Lean Compliance Designers.
Let us take you on a journey. In the interesting – give it a chance – world of compliance, (amongst others) you will find compliance officers, compliance managers, compliance consultants and compliance designers. But what are the differences between those positions? And more importantly: why does Compleye choose to work with Lean Compliance Designers, in order to support your company and its security and privacy challenges?