Welcome Everybody,

The contents of this newsletter are more and more focussing on what we're doing with Askara.

Eventually I will probably phase this personal newsletter out. So if you're interested and what to keep in touch please register through our website: https://askara.solutions/​

Enjoy!

✍🏻 Week 40, 2025 - When the Wheel Started Turning

Hey there,

The past few weeks have been intense, and part of that was due to building up to an ISO27001 audit that happened this week. That deadline pushed everything into high gear, but what came out of it was worth the pressure.

The audit itself reminded me of something I’d understood before but hadn’t fully integrated yet: everything in these ISO standards is built on risk management. I’d known this intellectually, but this time it clicked differently. The reason? Over the past weeks, I’d been diving deep into knowledge graphs for the solution we’ve been building for the IAM event. When the auditor walked me through a wheel metaphor during our session, suddenly these two pieces of understanding collided in my mind.

That collision created a breakthrough insight later in the week!

Finding Order

Our auditor explained the management system using a wheel metaphor that made everything click into place. At the centre sits risk, the hub from which everything else radiates. The spokes are the ISO clauses, the structural framework connecting the centre to the outer layer. And the tyre represents the controls, the practical measures where the system actually touches reality.

What made this metaphor powerful wasn’t just the visualisation. It was understanding the sequence that most organisations get wrong. You start at the hub by identifying risks. You assess them through the framework (the spokes). You select a treatment strategy. Only then do you apply controls at the outer layer. Many companies select controls during risk assessment, essentially trying to put the tyre on before the spokes are properly connected.

The auditor’s key phrase stuck with me: “Everything refers back to and from risk.” If you can’t draw a clear line from a specific risk through your treatment decision to a particular control, something is broken in your system. This isn’t just about documentation. It’s about logical coherence in how you manage uncertainty.

Seeing Patterns

What emerged from this wheel metaphor was a fundamental insight about how ISO standards actually work. They’re all built on the same foundation: risk management within a specific context.

Whether you’re dealing with quality (ISO9001), environment (ISO14001), information security (ISO27001), or asset management (ISO55001), the underlying structure is identical. You determine your risks within a particular context. You decide on treatment through the standard’s clauses. You put controls in place. And based on those controls, you apply an appropriate frequency for the Plan-Do-Check-Act cycle.

I’d understood this before, intellectually. But this time, with knowledge graphs fresh in my mind, it hit differently. Because here’s the thing about knowledge graphs: they’re built to map relationships and verify logical paths. They excel at exactly what the wheel metaphor describes—tracing connections.

That’s when it clicked. If risk management is about maintaining logical coherence between risks, treatments, and controls, and knowledge graphs are designed to verify logical relationships, then we could build something that doesn’t just document these connections but actually checks whether they make sense.

Building Intelligence

This is where things get genuinely exciting. We’re not just digitising compliance or automating documentation. We’re building something that doesn’t exist yet: an intelligent system that understands the logical relationships between risks, controls, and management decisions.

The key is combining three technologies in a way that hasn’t been done before. We’re using knowledge graphs to map the logical relationships between all these elements. We’re leveraging large language models to reason about those relationships and identify gaps or improvements. And we’re grounding everything in relational databases that structure the actual data that’s easy to grasp for humans.

Here’s what makes this different: the knowledge graph can check whether your reasoning is sound. When you say a particular control mitigates a specific risk, the system can trace that logical path and verify whether it actually makes sense given your context. It’s not just storing information. It’s understanding whether your management system is coherent.

This means we can do something most companies struggle with: iterate on an existing management system to make it genuinely watertight. You establish a line of reasoning for the AI to review, it suggests improvements, it can even propose additions, and humans verify the logic before implementation.

Over time, this creates an information security management system (or quality system, or environmental system, or any other ISO standard) that’s perfectly tailored to your specific context. And it can tell you exactly what needs to be done, when, and why.

From Firefighting to Foresight

Most organisations treat compliance as something between a necessary evil and an afterthought. They’re constantly firefighting, updating registers manually when they remember, preparing for audits by scrambling to get documentation in order. The audit becomes about the certificate, not about actually controlling risks.

Even companies that get certified quickly with modern AI approaches still face the same fundamental challenge: execution. You might have your certification in record time, but do you truly control all your risks? Are you staying on top of actions? Can you keep your registers current without tremendous manual effort?

This is what we’re solving. Not faster certification, but genuine risk intelligence. Automations that help you decide what needs to be done and automatically update your registers with results. A system that doesn’t just document your management approach but actively helps you improve it.

The convergence I mentioned at the beginning? It’s all these pieces finally clicking together. The wheel metaphor from the audit. The insight about risk as the foundation of all ISO standards. The technical breakthrough with knowledge graphs and LLMs.

After weeks of intensity, there’s finally peace of mind. Not because everything is finished, but because the path forward is remarkably clear.

With care,
Ben

​

P.S. If you’ve ever wanted to live more in sync with the flow of life, my Start Tapping Into Source email course might be just what you need. It’s a simple system for aligning your inner and outer worlds through intentional practices. Ready to dive in? Check it out here.​

P.S.S Have you ever wondered how aligning your journaling practice with the seasons of the year could amplify your growth? My Tuning into the Seasons course dives deep into this practice, showing you how to ride the natural ebb and flow of life for clarity, growth, and balance. Curious? Learn more here.​
​

​​​