Compliance Guides

Plain-English Legal Guides for SaaS Founders

GDPR, privacy policies, terms of service, cookie law — explained without the jargon.

Security Policies10 min read19 June 2026

Security Awareness Training Programme: ISO 27001 A.6.3, SOC 2 CC1.4, and How to Build Evidence That Satisfies Auditors (2026)

Security awareness training is required by ISO 27001 A.6.3, SOC 2 CC1.4, HIPAA §164.308(a)(5), and NIS2 Art. 21(2)(g). This guide covers what a compliant training programme looks like, what evidence auditors sample, how to run phishing simulations, and how to achieve 95%+ completion rates with evidence ready for audit.

Read the guide

Ready to generate your compliance docs?

Free GDPR-compliant generators. No signup. No lawyer fees.

See all generators →