https://getcheckmark.com/blog/ GetCheckmark — phishing simulation, compliance training, and individual security-awareness certification for regulated industries (SOC 2, ISO 27001, NIST, DORA, PCI DSS). en 2026-04-15 https://getcheckmark.com/blog/what-auditors-actually-look-for-2026.html https://getcheckmark.com/blog/what-auditors-actually-look-for-2026.html 2026-04-10 The annual update on what SOC 2 auditors prioritise in awareness-evidence reviews, based on the audits our customers ran in 2025. Cormac Walsh https://getcheckmark.com/blog/certification-versus-attestation.html https://getcheckmark.com/blog/certification-versus-attestation.html 2026-03-04 Many awareness platforms produce "certificates" that have no audit standing. Here's what produces evidence and what doesn't. Liam O'Connor https://getcheckmark.com/blog/dora-article-13.html https://getcheckmark.com/blog/dora-article-13.html 2026-02-08 Our reading of DORA's training and awareness expectations, based on the first cohort of inspections our customers have undergone. Cormac Walsh https://getcheckmark.com/blog/iso-27001-transition.html https://getcheckmark.com/blog/iso-27001-transition.html 2026-01-12 The 2022 revision reorganised the Annex A controls; awareness-related controls sit in different places under the new structure. Aoife Murphy https://getcheckmark.com/blog/pcidss-v4-awareness.html https://getcheckmark.com/blog/pcidss-v4-awareness.html 2025-12-05 PCI DSS v4.0 expanded the security awareness requirement; what the changes mean for customers in payments. Sinéad Ryan