Compliance Frameworks
PCI DSS 4.0: What Changed and What It Means for Your Team
Sara Lindqvist • 8 min read • QAE Research
PCI DSS 4.0 became the only valid standard on April 1, 2024. The future-dated requirements activated on March 31, 2025. If you have not...

Compliance Frameworks
CMMC 2.0 Level 2: The 110 Controls You Need Before the Door Closes
Marcus Webb • 11 min read • QAE Research
The Cybersecurity Maturity Model Certification (CMMC) 2.0 final rule went into effect in late 2024, and contractors are now seeing...

Compliance Frameworks
HIPAA Compliance for SaaS: A Founder’s Plain-English Guide
Priya Shah • 10 min read • QAE Research
HIPAA is the framework founders worry about most and understand least. The Office for Civil Rights (OCR) does not certify anyone,...

Compliance Frameworks
ISO 27001:2022 – The 11 New Annex A Controls You Cannot Ignore
Daniel Rios • 9 min read • QAE Research
The 2022 revision of ISO 27001 collapsed Annex A from 114 controls down to 93, restructured them into four themes, and introduced...

Compliance Frameworks
SOC 2 Type II vs Type I: Which One Your Startup Actually Needs in 2026
Maya Chen • 8 min read • QAE Research
Almost every founder we talk to asks the same opening question: do we need a Type I or a Type II? The honest answer is that for...