Compliance
21 articles in this category.
Director Liability under §43 GmbHG and NIS-2: Why 'Cyber is IT's Job' Can Lead to Personal Bankruptcy in 2026
How §43 GmbHG, §93 AktG, and NIS-2 Art. 20 cement personal management liability for cyber security – and which evidence every director should have on the desk.
Cyber Insurance 2026: Why Insurers Increasingly Decline – And How to Prepare
Cyber policies are getting more expensive, narrower, and more demanding. Which technical minimums insurers expect in 2026 – and how to prove them cleanly.
Hospitals & Critical Infrastructure: B3S, NIS-2 Extension, and Smart Use of KHZG Funds
German hospitals face combined pressure in 2026: B3S obligation, NIS-2 extension to all hospitals, ePA connection, ransomware wave. How to prioritize KHZG funds wisely.
NIS-2 Ready: Health Monitoring, Audit Log, and Alert Rules in the Mail Security Platform
Which operational building blocks a mail security platform must ship to technically meet the NIS-2 requirements on detection, reporting, and response.
DORA for SaaS Providers and Bank Suppliers: What 'Critical ICT Third-Party Providers' Must Deliver in 2026
DORA doesn't only apply to banks – any SaaS provider, IT service provider, or FinTech with financial customers gets pulled in. What 'critical ICT third-party providers' must deliver technically and contractually.
Four-Eyes Principle and Forensic Archive: Two Building Blocks Almost Every Audit Asks About
How a four-eyes approval workflow for mail releases and a WORM-capable forensic archive proactively cover typical findings from ISO 27001 and NIS-2 audits.
M&A Cyber Due Diligence: What Buyers Probe in 4 Weeks – And Where Deals Break
Cyber due diligence is a workstream of its own in 2026 M&A processes. Which findings depress purchase price or kill deals – and which platform evidence builds trust quickly.
German Mid-Market Machinery: NIS-2 Extension, IEC 62443, and Industrial Espionage Risk
German machinery mid-market faces double pressure in 2026: NIS-2 extension hits many unexpectedly, while industrial espionage grows. How to tackle OT security and IEC 62443 in a structured way.
Outbound DLP: Effectively Preventing Data Loss in Email
How a modern mail security gateway detects PII, credit card numbers, IBANs, and API keys in outbound emails – and how a four-eyes release reduces the error rate.
Law Firms, Tax Advisors, Audit Practices: Client Confidentiality, BORA/StBerG and Cyber Security 2026
German professional confidentiality holders are personally liable for breaches – including via cyber incidents. Which minimums BORA, StBerG, and WPO demand in 2026.
IVDB Integration for German Statutory Health Insurance: B3S-Compliant ISMS Without CSV Pain
How direct IVDB integration (CSV import + future API) dramatically accelerates the build of a B3S-compliant ISMS for German health insurers – including conflict detection and progress display.
Supplier & Vendor Portal: Structured Third-Party Risk Management
How an integrated supplier portal with self-service questionnaires, evidence collection, and risk score drastically reduces supplier onboarding effort.
Framework Change Management: Detect Standard Updates Automatically and Reassess
How a GRC platform proactively detects updates to ISO 27001, NIS-2, and BSI IT-Grundschutz, analyzes their impact, and coordinates reassessments – instead of relying on manual sifting through newsletters.
DORA + NIS-2 + ISO 27001: How a CISO Manages Three Mandates Without Burnout
Three regulatory mandates in parallel, one CISO with two hands. How a multi-framework platform eliminates duplicate work and prevents CISO burnout.
Multi-Framework Compliance: ISO 27001, NIS-2, and BSI IT-Grundschutz From One Platform
How an integrated GRC platform maintains multiple frameworks in parallel, computes cross-mappings automatically, and avoids duplicate work in assessments.
SecTepe.Core: The EU-Native GRC Platform for Compliance, Risk, and ISMS
What SecTepe.Core is, which frameworks the platform covers, and why an EU-native GRC solution becomes the strategic answer to Vanta, Drata & co. in 2026.
Benefits of an External Information Security Officer
Learn why an external ISO (Information Security Officer) is the better choice for many organizations, and what the advantages of outsourcing this critical role are.
ISO 27001: The Guide to Information Security
Everything you need to know about ISO 27001 certification - from the basics to successful ISMS implementation.
NIS2-Compliant Cybersecurity Solutions
The NIS2 directive sets new cybersecurity requirements. Learn what is coming for your organization and how to prepare.
Responsible Disclosure: The BSI's CVD Guideline
The BSI's CVD guideline provides a structured process for coordinated vulnerability disclosure and protects end users through collaboration.
The NIS 2 Directive: What You Need to Know
The NIS 2 directive raises cyber security requirements across the EU and affects critical infrastructure as well as digital service providers.