<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>A-R-C Insights</title><link>https://www.a-r-c.me/fachartikel/en.html</link><description>Articles on security governance and regulation.</description><lastBuildDate>Sat, 11 Jul 2026 21:26:20 +0000</lastBuildDate><item><title>Security questionnaire received? Structure first, then answer</title><link>https://www.a-r-c.me/fachartikel/what-to-do-after-security-questionnaire.html</link><guid>https://www.a-r-c.me/fachartikel/what-to-do-after-security-questionnaire.html</guid><description>Why SaaS teams should not improvise security questionnaires — and how structured buyer communication reduces friction.</description><pubDate>Sat, 11 Jul 2026 21:26:20 +0000</pubDate></item><item><title>Are ISO 27001 and a CISO Required by Law?</title><link>https://www.a-r-c.me/fachartikel/iso-27001-ciso-required-by-law.html</link><guid>https://www.a-r-c.me/fachartikel/iso-27001-ciso-required-by-law.html</guid><description>When ISO 27001 or a CISO function becomes relevant through law, contract or governance, with sources on the BSIG, NIS2, GDPR and German company law.</description><pubDate>Sat, 11 Jul 2026 21:26:20 +0000</pubDate></item><item><title>GoBD and Software Development: Must Source Code Be Retained for Ten Years?</title><link>https://www.a-r-c.me/fachartikel/gobd-source-code-retention.html</link><guid>https://www.a-r-c.me/fachartikel/gobd-source-code-retention.html</guid><description>What the GoBD, German Fiscal Code and Commercial Code actually require for source code, program versions, procedural documentation and build tools.</description><pubDate>Sat, 11 Jul 2026 21:26:20 +0000</pubDate></item><item><title>DORA and Software Providers: Who Is Responsible for What?</title><link>https://www.a-r-c.me/fachartikel/dora-software-provider-responsibility.html</link><guid>https://www.a-r-c.me/fachartikel/dora-software-provider-responsibility.html</guid><description>DORA accountability, minimum contract terms, audit rights and exit rights: what financial entities and software providers need to address.</description><pubDate>Sat, 11 Jul 2026 21:26:20 +0000</pubDate></item><item><title>New Regulation: Software Defect or Change Request?</title><link>https://www.a-r-c.me/fachartikel/regulatory-change-software-defect-change-request.html</link><guid>https://www.a-r-c.me/fachartikel/regulatory-change-software-defect-change-request.html</guid><description>When new regulatory requirements fall within existing software support obligations—and when they require renegotiation or a change request.</description><pubDate>Sat, 11 Jul 2026 21:26:20 +0000</pubDate></item></channel></rss>