Published by the W3C in October 2023, WCAG 2.2 added nine criteria (removing one from 2.1). We examine Focus Appearance, Accessible Authentication, and what matters most for web and mobile audit teams.

The CRA introduces mandatory cybersecurity requirements for products with digital elements, CE marking obligations, and a 24-hour active exploit reporting window. We cover scope and preparation steps.

Running Axe-core or Pa11y in your pull-request pipelines can surface up to 40% of WCAG violations before they reach production. A practical guide to automated a11y gates in GitHub Actions and GitLab CI.

With two major frameworks now available — NIST AI RMF 1.0 (2023) and ISO/IEC 42001:2023 — risk teams ask which to adopt. We compare scope, structure, certification pathways, and which fits your organisation best.

A VPAT is a structured self-declaration of conformance with accessibility standards. We walk through the VPAT 2.5 format, the ACR (Accessibility Conformance Report), common pitfalls, and how to write one that survives procurement scrutiny.

A well-maintained risk register is the backbone of any IT governance programme. We outline a schema aligned to ISO 31000 and COBIT 2019, covering likelihood scoring, impact matrices, and residual risk tracking.