Vornin
Start free
Field notes

Vulnerability management,
written down.

Notes on scanning your attack surface, resolving vulnerabilities, and proving compliance from fellow practitioners.

DORA compliance: what the resilience-testing and ICT-risk requirements mean for your IT team

DORA compliance for in-house IT teams: the five pillars, who's in scope, and how to produce the resilience-testing evidence auditors expect.

Mathias Gatz · Co-founder, Vornin 14 min

NIS2 vs ISO 27001: overlaps, requirements, and the gap ISO 27001 leaves open

NIS2 vs ISO 27001 compared for lean EU IT teams: where Annex A and Article 21 overlap, the incident-reporting gap ISO leaves open, and how to prove both.

Mathias Gatz · Co-founder, Vornin 7 min

NIS2 compliance: the requirements, and how to prove you meet them

What NIS2 compliance requires under Article 21, who it applies to, the fines for non-compliance, and how to produce evidence an auditor accepts.

Mathias Gatz · Co-founder, Vornin 16 min

What is a vulnerability scan? A practical guide for European IT managers

What a vulnerability scan does, how often to run one, and why the remediation lifecycle after the scan is what compliance auditors check.

Mathias Gatz · Co-founder, Vornin 13 min

The vulnerability management lifecycle: how to prove every stage happened

The 6-stage vulnerability management lifecycle and the evidence each stage must produce for ISO 27001, NIS2, and DORA auditors.

Mathias Gatz · Co-founder, Vornin 15 min