Security incident? Suspected breach? 09 71 18 27 69csirt@synacktiv.com

Publications

Completing Compliance with Evidence : A Bottom-Up Approach to NIS2, DORA, and the Cyber Resilience Act

30/06/2026
GRC
GRC (Governance, Risks and Compliance) as it is most often practiced works top-down, you read a piece of regulation, draft a policy, declare coverage, and archive a documentary record. This approach has value, it structures, it documents, it meets an auditor's formal expectations. It also has a known limitation: it mostly reflects what the organization describes and far less easily what actually happens.