FOUNDED 2025 · INDEPENDENT UK PRACTICE
01Insights · The library

White papers, briefings and field notes.

The InfoSecAI library is the long-form, evergreen home for our published thinking. Each item is authored by Paul Jolliffe, written for senior practitioners, and structured to support a decision rather than fill a feed. Reviewed when standards change, not on a schedule.

By framework
SERIES · 01 · 2026 From AI Ambition to AI Assurance Five 12-page papers · 1 to 5 Jun 2026 01 02 03 04 05 INFOSECAI · 2026 · 5 PAPERS
Series · 5 papers1 to 5 Jun 2026

From AI Ambition to AI Assurance

Five executive briefings for CISOs, CIOs, CTOs and board sponsors on governing, securing and scaling enterprise AI. One paper per day, this week.

EU AI ActISO 42001NIST AI RMF
Open the series Read Paper 1 LIVE
RELEASING 1 TO 5 JUN 2026
REFERENCE · 05 · 2026 ISO 22301 · BCMS docs Documented vs demonstrated SPINE · THE BIA PLAN · EXERCISE · CORRECT CLAUSE 8 · NO ANNEX A INFOSECAI · 2026 · 6 PP
Field notesPDF · 6 pp

The ISO 22301 Documentation That Decides Your BCMS Certification

A practitioner field note on the mandatory documented information ISO 22301 requires by clause, the supporting documentation, the Business Impact Analysis spine, and why documented is not the same as demonstrated.

ISO 22301
Open paper page Download PDF 6 PP
PUBLISHED MAY 2026
REFERENCE · 04 · 2026 ISO 42001 · AIMS docs The impact assessment spine SPINE · IMPACT ASSESSMENT 38 ANNEX A CONTROLS 42001 ≠ EU AI ACT INFOSECAI · 2026 · 7 PP
Field notesPDF · 7 pp

The ISO 42001 Documentation That Decides Your AIMS Certification

A practitioner field note on the mandatory documented information ISO 42001 requires by clause, the supporting documentation by Annex A, the impact-assessment spine, and why a 42001 certificate is not the EU AI Act.

ISO 42001EU AI Act
Open paper page Download PDF 7 PP
PUBLISHED MAY 2026
WHITE PAPER · 02 · 2026 The CISO role has been rewritten. Most operating models have not. THE ROLE THE OP MODEL 2005 2026 INFOSECAI · 2026 · 21 PP
White paper · 02PDF · 21 pp

The CISO role has been rewritten. Most operating models have not.

A practitioner's white paper for CEOs, boards, CISOs and hiring committees on how security leadership has changed and the operating model boards must now build around it.

ISO 27001NIST CSFISO 42001+2
Open paper page Download PDF 21 PP
PUBLISHED MAY 2026
BRIEFING · 01 · 2026 The vCISO 90-Day Plan Three phases. Twelve milestones. PHASE 01 · DAYS 1-30 PHASE 02 · DAYS 31-60 PHASE 03 · DAYS 61-90 INFOSECAI · 2026 · 11 PP
Briefing · 01PDF · 11 pp

The vCISO 90-Day Plan

The structured first three months of a fractional CISO engagement. Three phases, twelve milestones, the artefacts the board will be shown.

ISO 27001NIST CSF
Open paper page Download PDF 11 PP
UPDATED APR 2026
BRIEFING · 03 · 2026 DORA · The Reality Check 12 months in · five pillars rated I II III IV V INFOSECAI · 2026 · 9 PP
Briefing · 03PDF · 9 pp

DORA · The 12-Month Reality Check

Pillar-by-pillar self-check, third-party criticality matrix and the four-hour major incident notification clock, one year into DORA enforcement.

DORA
Open paper page Download PDF 9 PP
UPDATED FEB 2026
WHITE PAPER · 01 · 2026 Bridging the AI Governance Gap Boards · CISOs · AI engineering POLICY PRACTICE THE GAP INFOSECAI · 2026 · 9 PP
White paper · 01PDF · 9 pp

Bridging the AI Governance Gap

A long-form treatment of the persistent disconnect between AI board policy and the engineering practice that actually deploys models into production.

ISO 42001NIST AI RMFEU AI Act
Open paper page Download PDF 9 PP
PUBLISHED JAN 2026
REFERENCE · 02 · 2025 NIS 2 · Field Notes For UK firms with EU exposure ESS. ESSENTIAL · IMPORTANT · IN-SCOPE INFOSECAI · 2025 · 8 PP
Field notesPDF · 8 pp

NIS 2 Field Notes for UK Firms

A practitioner's read of NIS 2 essential and important entity scope, focused on UK firms with EU subsidiaries, customers or supply chain exposure.

NIS 2ISO 27001
Open paper page Download PDF 8 PP
PUBLISHED DEC 2025
No matching papers

No papers in the library match the current filter combination.

LIBRARY NOTE · PAPERS ARE EVERGREEN, REVIEWED ON MATERIAL CHANGE TO STANDARDS OR REGULATION

02The Brief · subscribe

Sign up once. Receive every paper.

The InfoSecAI Brief sends each new white paper, briefing and field note to subscribers' inboxes on the day it is published. No tracking pixels, no marketing automation, no upsell sequences. Unsubscribe in a single click.