Blog
Practical writing for the founding engineer running compliance on the side of a product roadmap. No vendor-marketing puffery — opinions you can disagree with.
- Compliance · 2026-06-14 · 10 min read
The SOC 2 readiness checklist: what auditors actually look for
A practical, control-by-control SOC 2 readiness checklist — scoping your Trust Services Criteria, the nine control areas auditors test, the Type I vs Type II decision, and the gaps that quietly fail first-time programmes. No fluff, no sales pitch dressed as advice.
- Compliance · 2026-06-13 · 8 min read
Do we need ISO 27001 or SOC 2? (Yes.)
The eternal startup standoff: ISO 27001 or SOC 2? The honest answer is "whichever one your customer is withholding a signature over." Here is how to actually decide — and why you will probably end up doing both anyway.
- Product · 2026-06-13 · 7 min read
Your compliance dashboard is quietly ignoring your vendors
Traditional vendor assessments end their life in a folder. The questionnaire comes back, gets filed, and never touches your live compliance posture — so your dashboard glows green while a third party's lapsed controls sit unaccounted for. Here is the gap, and what Raize Orion does differently.
- Compliance · 2026-06-13 · 9 min read
Control mapping and continuous monitoring: stop auditing the same control five times
Control mapping is the unglamorous backbone of multi-framework compliance — and the thing that makes continuous monitoring actually possible. Here is how to map once and monitor everything, instead of collecting the same evidence five times for five auditors.
- Compliance · 2026-06-03 · 7 min read
When a customer ticket starts your reporting clock
Anchoring the NIS2 Art. 23 / GDPR Art. 33 clock on the upstream signal time is the right call — but only if you can defend what "awareness was reasonably expected" looks like for that source. Here is how Raize Orion handles the customer-ticket edge case.
- Founder · 2026-05-20 · 4 min read
Why we built Raize Orion
Most GRC platforms are priced for the auditor, not the team that has to use them every day. Raize Orion is built for the founding engineer running compliance alongside a product roadmap.
- Compliance · 2026-05-19 · 7 min read
A 6-month SOC 2 roadmap for first-time founders
What to actually do, week by week, to go from no compliance program to a Type I report in six months. Budget £30-40k year one, including the auditor.
- Product · 2026-05-18 · 5 min read
Where Raize fits next to Vanta, Drata, and Secureframe
The incumbent GRC platforms are excellent if you have the budget. Raize is built for the segment that does not. Here is how the trade-offs actually land.