Blog

Long-form pieces on the work of doing compliance and security inside a small company. Evergreen and updated as the underlying regulations and practices change.

The first hour of an incident

What to do, what not to do, and what most people get wrong in the first 60 minutes after the page goes off. For on-call engineers, IT leads, and founder-CISOs at small teams. Covers minutes zero to ten (is this real, outage or compromise, who needs to know), ten to thirty (open the log), thirty to forty-five (the containment decision), forty-five to sixty (communications and the regulatory clock check), and what good looks like at the sixty-minute mark.

Read →

The 72-hour clock — when does it actually start?

The General Data Protection Regulation Article 33 deadline, which runs from the moment the controller becomes aware of the breach. What counts as the awareness moment, the four most common ways the clock is mis-started, and a careful walk through phased notification under Article 33(4). For Data Protection Officers, fractional DPOs, privacy leads, and founder-CISOs handling their first GDPR breach response.

Read →

More pieces ship monthly. Each Sylvan Assurance toolkit has a public evergreen companion piece: the 72-hour-clock piece is the companion to the GDPR Breach Response toolkit, and the first-hour piece is the companion to First 4 Hours.