How to Choose a SOC 2 Auditor in Australia: A Practical Comparison Framework

by Paul Friend | Dec 5, 2025 | Blog, SOC 2

Selecting a SOC 2 Auditor is a critical decision for Australian technology and service providers. The right auditor strengthens security governance, accelerates customer trust and shortens audit timelines. The wrong auditor increases friction, creates unnecessary...

SOC 2 Trust Services Criteria: A Practical Guide for Australian Organisations

by Paul Friend | Dec 2, 2025 | Blog, SOC 2

The SOC 2 trust services criteria are the foundation of every SOC 2 engagement. They define what auditors assess, which controls are in scope, and what evidence organisations must produce. Understanding how the trust services criteria work is therefore essential...

SOC 2 Audit Cost Breakdown and Budget Planning for Australian Organisations

by Paul Friend | Nov 23, 2025 | Blog, SOC 2

This article explains SOC 2 Audit cost components, the difference between Type 1 and Type 2, and how to create a budget that your board and sales teams can trust. Australian organisations are increasingly expected to demonstrate strong security governance,...

Password Security for Australian Organisations: Building a Resilient Credential Strategy

by Paul Friend | Nov 22, 2025 | Blog

Summary Credentials – the combination of usernames and passwords – remain among the simplest yet most exploited attack vectors in Australian organisations. According to the Office of the Australian Information Commissioner (OAIC) the majority of reported cyber...

MITRE Releases ATT&CK v18: Major Overhaul to Detection, Mobile and ICS Coverage

by Paul Friend | Nov 10, 2025 | Blog

The release of MITRE ATT&CK v18 represents one of the most significant changes in the framework’s history. It places a stronger focus on practical detection engineering and cross-platform visibility. For Australian organisations, this update is a chance to align...