Compliance Simplified

I built Compliance Simplified as a way for others to learn a little bit about what I work with on a day-to-day basis. I work a lot on compliance; I would say the majority of the work I do is compliance and regulatory related. I wanted to try to build a website purely using “vibe-coding.” Yes, I hate it, but I wanted to try it out once more, since it’s been some time since I last used it, several new models have been released, and new tools have appeared since then.

Compliance Simplified is a quick guide to both ISO/IEC 27001:2022 and SOC 2. It also comes with some additional features, like a quiz for those of us who are extra nerdy and want to map a specific security topic to an Annex of ISO 27001:2022, and possibly more in the future.

There is also a wiki that is based on common ISO 27001 and SOC 2 topics and questions.

Why I Built This: The Compliance Problem

Here’s the thing: compliance work is everywhere in my world. Whether I’m helping companies get their security programs up to speed or working through audit findings, I’m constantly dealing with the same questions and challenges that come up again and again.

The problem is that most compliance resources out there are either:

  • Too academic - written like textbooks that put you to sleep
  • Too generic - one-size-fits-all guides that don’t help with real-world scenarios
  • Too expensive - consulting firms charging thousands for basic information
  • Too scattered - you have to piece together information from a dozen different sources

I wanted to create something that actually helps people understand what they’re dealing with, without all the corporate speak and unnecessary complexity.

What Makes This Different

This isn’t your typical compliance website. For starters, I built it using what I call “vibe-coding” - basically letting AI help me build things quickly without getting bogged down in perfect architecture. I know, I know, it sounds terrible, but I was curious to see how far the tools have come since I last tried this approach.

The result is a site that’s actually useful rather than just looking professional. Here’s what you get:

The ISO 27001 Guide

A complete walkthrough of the 2022 version of ISO 27001, broken down into digestible chunks. Instead of just listing controls, I explain what they actually mean in practice and how to implement them without losing your mind.

SOC 2 Framework

Step-by-step guidance for getting SOC 2 Type II compliance. This is the gold standard for SaaS companies, and I’ve seen enough audits to know what trips people up. The guide focuses on the practical stuff - what auditors actually look for, common pitfalls, and how to build processes that actually work.

The Quiz (For the Nerds)

This is probably my favorite part. I built an interactive quiz that tests your knowledge of ISO 27001 controls and maps security topics to the right annexes. It’s perfect for security teams who want to make sure they’re covering all the bases, or for anyone who wants to geek out about compliance for a few minutes.

The Wiki

A growing knowledge base built around the questions I get asked most often. It’s community-driven, so it gets better over time as people contribute their own experiences and insights.

The “Vibe-Coding” Experiment

I have to admit, I was skeptical about building a whole website this way. The last time I tried AI-assisted development, the results were… let’s say interesting but not exactly production-ready.

But things have changed. The models are better, the tools are more sophisticated, and I was curious to see if I could build something useful without spending weeks on perfect code structure and architecture.

The verdict? It’s actually pretty impressive what you can build quickly now. The site works, it’s fast, and it serves its purpose. Is it the most elegant codebase I’ve ever written? No. But it’s functional, maintainable, and most importantly, it’s helping people understand compliance better.

What’s Next

This is very much a living project. I’m constantly adding new content based on the questions I get from clients and colleagues. Some ideas I’m playing with:

  • Automated gap assessments - tools that help you figure out where you stand
  • Template libraries - actual policies and procedures you can use
  • Case studies - real examples of how companies have tackled specific compliance challenges

Getting Started

The whole point of this project is to make compliance less intimidating. Whether you’re just starting to think about security compliance or you’re in the middle of an audit, there’s something here to help.

Start with the main site for an overview, then dive into the specific guides for ISO 27001 or SOC 2. Take the quiz to test your knowledge, and explore the wiki for deeper dives into specific topics.

Why This Matters

Compliance doesn’t have to be a nightmare. When done right, it’s actually a framework for building better, more secure systems. The problem is that most people get overwhelmed by the complexity and end up either doing nothing or doing the wrong things.

My hope is that this project helps bridge that gap - giving people the knowledge and tools they need to build compliance programs that actually work, rather than just checking boxes to satisfy auditors.

What started as an experiment in AI-assisted development has turned into a resource that’s helping real companies navigate the compliance landscape. It’s proof that you don’t need perfect code to build something useful, and that sometimes the best way to learn is to build something that helps others learn too.

Check It Out

You can explore the live site at compliance.arvid.tech and dive into the code on GitHub.