Why this site exists¶
Most writing about regulation answers the wrong question. It tells you what the rules say. It rarely tells you what to build.
If you work with regulation — operational resilience, cybersecurity, AI, data protection, whichever flavor lands on your desk — "what the rules say" is maybe 20% of your problem. The other 80% is operational: which controls do you need, which documents must exist, who owns each of them, and what evidence will convince an auditor or supervisor that it all actually works.
That's the gap this site fills. It's a working library of practical artefacts — checklists, document inventories, control mappings, responsibility matrices, worked examples — built from public and official sources plus my own templates, organized as a tree you can drill into.
The blog is where new things land: one concept at a time — a short post explaining it, an artefact you can use the same day, and where it helps, a video walking through it.
If that's useful to you, the resource library is the place to bookmark. This blog is just the changelog.
Personal views, independent work — not legal advice.