Compliance · 12 articles

Compliance Programme Timelines

Honest project schedules for SOC 2, ISO 27001, HIPAA, PCI DSS, NIST CSF, EU AI Act, and ISO 42001.

We publish realistic, phase-by-phase project plans for the compliance frameworks that actually matter to US security and privacy teams. No vendor funnels, no affiliate links, no sponsored content — just the durations, dependencies, and gotchas that compliance leads need to build a programme that survives an audit.

Why we write this way →

Compliance · Guide

ISO 27001 Implementation Roadmap: The 12-Month Project Plan

A 12-month ISO 27001:2022 implementation roadmap with phased Gantt chart, realistic durations for each phase, and honest guidance on where programmes typically slip.

Compliance · Guide

EU AI Act Compliance for US SaaS: The 2026 Project Timeline

A project timeline for US SaaS companies preparing for the EU AI Act's August 2026 deadline, with phased Gantt, honest guidance on Article 6 uncertainty and the Digital Omnibus proposal, and overlap with ISO 42001.

Compliance · Guide

Compliance Programme Timelines

ISO 27001 Implementation Roadmap: The 12-Month Project Plan

EU AI Act Compliance for US SaaS: The 2026 Project Timeline

SOC 2 Type II Project Plan: A 6-Month Gantt for Your First Audit

HIPAA Compliance Project Timeline for Healthcare SaaS

NIST Cybersecurity Framework 2.0 Implementation: A Programme Schedule

PCI DSS 4.0 Project Plan: A 9-Month Compliance Roadmap

Mapping Your SOC 2 Programme to Your ISO 27001 Work: A Dual-Track Gantt

ISO 42001 Implementation: The AI Management Programme Schedule

GDPR Implementation Programme: A Gantt-Based Project Plan for US SaaS

Running ISO 27001 and ISO 42001 as a Combined Programme: The Consolidated Gantt

Continuous Compliance in 2026: Quarterly Evidence Collection Schedules

Vendor Risk Management Programme: The Annual Project Cycle