by Paul Friend, MBA | ISO Lead Auditor | Jan 9, 2026 | Blog, SOC 2
Choosing the right SOC 2 auditor is one of the most consequential decisions an Australian organisation makes during its compliance journey. The quality, experience, and approach of your audit partner directly affect timelines, report credibility, customer confidence,...
by Paul Friend, MBA | ISO Lead Auditor | Jan 5, 2026 | Blog
Summary: Virtual Chief Information Security Officer (vCISO) services have become essential for Australian organisations that need strategic cybersecurity leadership but do not have, or cannot justify, a full-time CISO. As cyber threats escalate and regulatory...
by Paul Friend, MBA | ISO Lead Auditor | Jan 4, 2026 | Blog
Summary: Vendor risk management platforms are cybersecurity and governance tools that help organisations identify, assess, monitor, and manage risks introduced by third-party vendors. These vendors include SaaS providers, cloud platforms, managed service providers,...
by Paul Friend, MBA | ISO Lead Auditor | Dec 25, 2025 | Blog, ISO 27001
Summary: This article reviews the Top 10 ISO 27001 Auditors in Australia (2025) using practitioner-led criteria focused on audit quality, cybersecurity expertise, regulatory alignment, and real-world outcomes. ISO/IEC 27001 remains the global benchmark for information...
by Paul Friend, MBA | ISO Lead Auditor | Dec 22, 2025 | Blog
Summary: Cyber risk is often treated as a subset of IT risk. This creates confusion, weak governance, and poor prioritisation. Cyber risk is a business risk with financial, operational, legal, and reputational consequences. IT risk, by contrast, is largely operational....