Cybersecurity, Compliance & Governance Insights

Practical guidance on ISO 27001, NIS2, DORA, TISAX and building security programs that pass real audits — written from the field, not the brochure.

Frameworks I work with

Every article is grounded in the standards that regulators and auditors actually use.

ISO 27001: Information security management
NIS2: EU cybersecurity directive
TISAX: Automotive information security
DORA: Financial sector resilience
NIST: Cybersecurity framework
GDPR: Data protection regulation

Latest Articles

Implementation
Dec 3, 2025 | 7 min read

ISO 27001 Implementation: Lessons Learned

After leading multiple ISO 27001 programs, the same patterns separate smooth certifications from painful ones. Here are the lessons that actually move the needle.

ISO 27001, ISMS, Certification
Audit Readiness
Nov 8, 2025 | 6 min read

Why SMEs Fail Security Audits (and How to Avoid It)

Most failed audits don't come from missing technology. They come from a handful of avoidable, organizational mistakes. Here are the ones I see most often.

Audit, SME, Compliance
Regulation
Oct 21, 2025 | 7 min read

DORA Compliance Explained

The Digital Operational Resilience Act reshapes how financial entities and their ICT providers manage risk. Here's what it covers and how to approach it.

DORA, Financial Services, Resilience
Strategy
Sep 30, 2025 | 8 min read

Building a Security Program That Actually Works

Tools don't make a security program — structure, ownership, and a clear maturity path do. Here's a pragmatic blueprint for building one from the ground up.

Security Program, Strategy, Governance
Guide
Aug 12, 2025 | 9 min read

NIS2 Directive: Complete Implementation Guide for Mid-Sized Companies

A step-by-step guide to NIS2 implementation tailored for mid-sized organizations: scope, governance, controls, reporting, and ongoing compliance.

NIS2, Guide, Implementation
Guide
Jul 9, 2025 | 9 min read

TISAX Assessment: Comprehensive Guide for Automotive Industry Compliance

Everything mid-sized automotive suppliers need to know about preparing for a TISAX assessment, from scope and levels to the assessment process itself.

TISAX, Automotive, Guide