Insights & Perspectives

Senior-practitioner writing on ISO certification, AI governance, privacy, and risk for growing companies.

CMMC Phase 2 Is Suspended: What Defense Contractors Should Do
Cybersecurity

CMMC Phase 2 Is Suspended: What Defense Contractors Should Do

The DoD suspended CMMC Phase 2 and paused all future milestones pending a 60-day task force review. A suspension is not a repeal. Here is what actually changed, what did not, and why defense contractors should keep their NIST 800-171 programs moving.

July 14, 2026 · JBW Group Team
ISO 27701:2025: What Changed and Why It Matters
PrivacyISO Compliance

ISO 27701:2025: What Changed and Why It Matters

The 2025 revision of ISO 27701 modernizes privacy certification and, for the first time, lets you certify without ISO 27001 first. Here is what changed and what to do about it.

June 26, 2026 · JBW Group Team
AI Governance Is No Longer Optional. Where to Start.
AI GovernanceISO Compliance

AI Governance Is No Longer Optional. Where to Start.

AI went from pilot to production in a year at most companies. Governance did not keep pace. Here is where growing companies should start, and how ISO 42001 and the NIST AI RMF fit.

June 10, 2026 · JBW Group Team
What First-Time ISO 27001 Certification Actually Takes
ISO Compliance

What First-Time ISO 27001 Certification Actually Takes

Most companies pursue ISO 27001 because a customer, contract, or lost deal forced the issue. Here is what first-time certification actually involves, phase by phase, and where companies stall.

May 22, 2026 · JBW Group Team