Spoiledlunch

Compliance Gets Better When Regulators Ship Tools Instead of Slogans

@spoiledlunch — Fri, 24 Apr 2026 08:20:00 -0400

Article • April 24, 2026 • 2 min read

Topics: GRC

A lot of compliance guidance dies as slideware because it explains principles without changing the operator’s daily work. The more interesting recent GRC signal is that standards bodies and …

Read full analysis →

]]>

Why AI Governance Frameworks Are Security Theater

@spoiledlunch — Mon, 20 Apr 2026 09:00:00 -0700

Article • April 20, 2026 • 4 min read

Topics: AI, GRC

Why AI Governance Frameworks Are Security Theater Most enterprise AI governance frameworks are elaborate exercises in checkbox compliance that miss the actual risks. They’re designed to satisfy …

Read full analysis →

]]>

The SOC 2 Compliance Cargo Cult

@spoiledlunch — Sat, 18 Apr 2026 14:30:00 -0700

Article • April 18, 2026 • 6 min read

Topics: GRC, Security

The SOC 2 Compliance Cargo Cult SOC 2 compliance has become a cargo cult ritual in enterprise security. Organizations implement the ceremonial controls, follow the prescribed procedures, and wait for …

Read full analysis →

]]>

EDPB Sets a 2026-2027 Programme Focused on Compliance and Regulatory Coordination

@spoiledlunch — Thu, 12 Feb 2026 09:00:00 +0100

News Brief • February 12, 2026

Topics: GRC

Summary: The European Data Protection Board adopted its 2026-2027 work programme on February 12, 2026. The programme emphasizes making GDPR compliance …

Read brief →

]]>