<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"><channel>
    <title>KollGuard Blog</title>
    <link>https://kollguard.com/blog</link>
    <description>Compliance, security, and the engineering behind continuous SOC 2 / HIPAA posture.</description>
    <language>en-us</language>
    <item>
      <title>Skip the GRC Platform: Start with a Real Asset Inventory</title>
      <link>https://kollguard.com/blog/soc2-without-grc-platform-asset-inventory</link>
      <guid isPermaLink="true">https://kollguard.com/blog/soc2-without-grc-platform-asset-inventory</guid>
      <description>Small teams don't need Vanta to get SOC 2 ready. They need to do one thing first: actually know what data they're holding and where it lives.</description>
      <pubDate>Fri, 03 Jul 2026 00:40:35 GMT</pubDate>
    </item>
    <item>
      <title>Getting SOC 2 Ready Without a GRC Platform: A Practical Startup Guide</title>
      <link>https://kollguard.com/blog/soc2-ready-without-grc-platform</link>
      <guid isPermaLink="true">https://kollguard.com/blog/soc2-ready-without-grc-platform</guid>
      <description>How lean engineering teams can build SOC 2 compliance evidence using spreadsheets, git, and discipline—without enterprise software.</description>
      <pubDate>Thu, 02 Jul 2026 21:52:55 GMT</pubDate>
    </item>
    <item>
      <title>Welcome to the KollGuard Blog</title>
      <link>https://kollguard.com/blog/welcome-to-the-kollguard-blog</link>
      <guid isPermaLink="true">https://kollguard.com/blog/welcome-to-the-kollguard-blog</guid>
      <description>Compliance, security, and the engineering behind continuous SOC 2 / HIPAA posture.</description>
      <pubDate>Thu, 02 Jul 2026 21:25:18 GMT</pubDate>
    </item>
    <item>
      <title>Post-Quantum Readiness: Why &quot;Harvest Now, Decrypt Later&quot; Is a Today Problem</title>
      <link>https://kollguard.com/blog/post-quantum-readiness-for-startups</link>
      <guid isPermaLink="true">https://kollguard.com/blog/post-quantum-readiness-for-startups</guid>
      <description>Long-lived PHI and financial data is being recorded today to decrypt later. KollGuard scores your PQC readiness against finalized NIST standards.</description>
      <pubDate>Wed, 01 Jul 2026 12:00:00 GMT</pubDate>
    </item>
    <item>
      <title>Detecting Post-Quantum TLS: Reading the ServerHello Your Browser Hides</title>
      <link>https://kollguard.com/blog/detecting-post-quantum-tls</link>
      <guid isPermaLink="true">https://kollguard.com/blog/detecting-post-quantum-tls</guid>
      <description>You can't see the negotiated cipher or key-exchange group from fetch(). KollGuard's active TLS probe reads the raw ServerHello to find PQC gaps.</description>
      <pubDate>Sat, 27 Jun 2026 12:00:00 GMT</pubDate>
    </item>
    <item>
      <title>An AI Advisory Board That Reads Your Real Compliance Numbers</title>
      <link>https://kollguard.com/blog/ai-compliance-advisory-board</link>
      <guid isPermaLink="true">https://kollguard.com/blog/ai-compliance-advisory-board</guid>
      <description>KollGuard's AI advisory board reviews your live posture and returns a prioritized path to audit-ready, grounded in your own numbers.</description>
      <pubDate>Thu, 25 Jun 2026 12:00:00 GMT</pubDate>
    </item>
    <item>
      <title>Closed-Loop Remediation: Finding, Fix, PR, Re-Scan, Verified</title>
      <link>https://kollguard.com/blog/closed-loop-remediation</link>
      <guid isPermaLink="true">https://kollguard.com/blog/closed-loop-remediation</guid>
      <description>Finding problems is the easy half. KollGuard proposes the fix, opens a PR, re-scans after merge, and marks the finding verified.</description>
      <pubDate>Thu, 18 Jun 2026 12:00:00 GMT</pubDate>
    </item>
    <item>
      <title>Agent Watch: Your AI Agents Are Now Part of the Attack Surface</title>
      <link>https://kollguard.com/blog/monitoring-ai-agents-agent-watch</link>
      <guid isPermaLink="true">https://kollguard.com/blog/monitoring-ai-agents-agent-watch</guid>
      <description>MCP servers, CI bots, and service-account agents are new attack surface. Agent Watch monitors them for health, drift, and security.</description>
      <pubDate>Thu, 11 Jun 2026 12:00:00 GMT</pubDate>
    </item>
    <item>
      <title>Work From Your IDE: KollGuard Findings Over MCP</title>
      <link>https://kollguard.com/blog/kollguard-mcp-ide-workflow</link>
      <guid isPermaLink="true">https://kollguard.com/blog/kollguard-mcp-ide-workflow</guid>
      <description>Scoped kgr_ API keys and an MCP integration let agents in Claude Code, Cursor, or VS Code pull live findings and file issues without leaving the editor.</description>
      <pubDate>Thu, 04 Jun 2026 12:00:00 GMT</pubDate>
    </item>
    <item>
      <title>Tracking Remediation Where It Belongs: Issues, Epics, and Support Tickets</title>
      <link>https://kollguard.com/blog/compliance-work-tracking-issues-epics-tickets</link>
      <guid isPermaLink="true">https://kollguard.com/blog/compliance-work-tracking-issues-epics-tickets</guid>
      <description>Built-in Kanban trackers tie remediation work back to the compliance controls it touches — with AI drafting, triage, and one-click import.</description>
      <pubDate>Thu, 28 May 2026 12:00:00 GMT</pubDate>
    </item>
    <item>
      <title>One Finding, Many Frameworks: Mapping to SOC 2, HIPAA, and ISO 27001 at Once</title>
      <link>https://kollguard.com/blog/one-finding-many-frameworks</link>
      <guid isPermaLink="true">https://kollguard.com/blog/one-finding-many-frameworks</guid>
      <description>A single control often satisfies overlapping requirements across frameworks. Use crosswalks so you don't do the same security work three times.</description>
      <pubDate>Fri, 15 May 2026 12:00:00 GMT</pubDate>
    </item>
    <item>
      <title>Tamper-Evident Audit Logs and Hash Chains</title>
      <link>https://kollguard.com/blog/tamper-evident-audit-logs</link>
      <guid isPermaLink="true">https://kollguard.com/blog/tamper-evident-audit-logs</guid>
      <description>How append-only, hash-chained audit logs prove integrity, why auditors trust them, and what tamper-evidence does and doesn't guarantee.</description>
      <pubDate>Fri, 24 Apr 2026 12:00:00 GMT</pubDate>
    </item>
    <item>
      <title>BAAs Explained: When You Need One and What It Covers</title>
      <link>https://kollguard.com/blog/baas-explained</link>
      <guid isPermaLink="true">https://kollguard.com/blog/baas-explained</guid>
      <description>Business Associate Agreements under HIPAA: who's a business associate, what the contract obligates, subcontractor flow-down, and tracking expirations.</description>
      <pubDate>Fri, 03 Apr 2026 12:00:00 GMT</pubDate>
    </item>
    <item>
      <title>Automating Security Questionnaires Without Losing Your Mind</title>
      <link>https://kollguard.com/blog/automating-security-questionnaires</link>
      <guid isPermaLink="true">https://kollguard.com/blog/automating-security-questionnaires</guid>
      <description>Answer SIG, CAIQ, and custom security questionnaires from your live posture and a reusable answer library instead of copy-pasting 200 answers a quarter.</description>
      <pubDate>Fri, 13 Mar 2026 12:00:00 GMT</pubDate>
    </item>
    <item>
      <title>Row-Level Security Mistakes That Fail a SOC 2 Audit</title>
      <link>https://kollguard.com/blog/rls-mistakes-that-fail-soc2</link>
      <guid isPermaLink="true">https://kollguard.com/blog/rls-mistakes-that-fail-soc2</guid>
      <description>Common Postgres and Supabase RLS pitfalls, mapped to the access-control criteria that auditors actually test.</description>
      <pubDate>Fri, 20 Feb 2026 12:00:00 GMT</pubDate>
    </item>
    <item>
      <title>Continuous Compliance vs. Point-in-Time Audits</title>
      <link>https://kollguard.com/blog/continuous-compliance-vs-point-in-time</link>
      <guid isPermaLink="true">https://kollguard.com/blog/continuous-compliance-vs-point-in-time</guid>
      <description>Why SOC 2 Type II grades how your controls operate over a period, and how continuous monitoring beats the annual fire drill.</description>
      <pubDate>Fri, 30 Jan 2026 12:00:00 GMT</pubDate>
    </item>
    <item>
      <title>HIPAA for Developers: The Safeguards That Actually Touch Your Code</title>
      <link>https://kollguard.com/blog/hipaa-for-developers</link>
      <guid isPermaLink="true">https://kollguard.com/blog/hipaa-for-developers</guid>
      <description>A plain-language tour of the HIPAA Security Rule safeguards that show up in your codebase and infrastructure, minus the legalese.</description>
      <pubDate>Fri, 09 Jan 2026 12:00:00 GMT</pubDate>
    </item>
</channel></rss>