Demix Newsletter September 2025 Edition

͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌

Welcome, dear Reader, to the September edition of the Demix Monthly Newsletter

Introduction: Cyber Resilience as a Strategic Imperative

In today’s digital economy, cyber resilience is no longer optional…it’s essential.

To support organisations in meeting this challenge, the UK government has introduced two voluntary frameworks:

Software Security Code of Practice – guiding secure design, development, and distribution.
Cyber Governance Code of Practice – empowering boards and leaders to govern cyber risks effectively.

These codes are designed to work together. With CMMI (Capability Maturity Model Integration) as the backbone, organisations can translate policy into practice—achieving measurable, repeatable, and resilient cybersecurity outcomes

Highlights from the Codes of Practice

1. Software Security Code of Practice

CMMI provides the process infrastructure to implement the 14 core principles effectively:

Secure Design & Development – embedding security into requirements and architecture.
Build Environment Security – protecting build pipelines and ensuring integrity.
Secure Deployment & Maintenance – proactive vulnerability management and lifecycle security.
Communication with Customers – building trust through transparency and timely updates.

“CMMI ensures security is built in—not bolted on.”

2. Cyber Governance Code of Practice

Designed for boards and executives, this code is structured around five domains:

Risk Management – integrating cyber risks into enterprise governance.
Strategy – aligning cyber and business strategies.
People – cultivating a culture of accountability and literacy.
Incident Planning, Response & Recovery – preparing, testing, and learning from incidents.
Assurance & Oversight – ensuring governance is visible, verifiable, and value-driven.

Why CMMI? The Strategic Advantage

CMMI is more than compliance, it’s a strategic enabler. By adopting it, organisations can:

✔ Demonstrate structured compliance with UK codes.
✔ Empower leadership with data-driven insights.
✔ Future-proof operations against evolving threats.
✔ Build customer trust through resilience and transparency.

Next Steps for Organisations

Here’s a roadmap to begin your CMMI-aligned cyber journey:

Assess your maturity against CMMI and the UK codes.
Align development, governance, and operations practices.
Implement improvements using CMMI guidance.
Validate through internal or third-party assessments.
Communicate commitments to customers and regulators

Event Overview: ISACA Europe Conference 2025

Exciting news. One of our lead appraisers, Pieter Roos will be attending the conference with ISACA promoting CMMI and the work in UK.

Video: ISACA Conference

Dates & Location

When: October 15–17, 2025

Where: London, United Kingdom—held at Novotel London West

Theme & Focus

The event’s theme, “Building Connections, Expanding Insights”, sets the tone for a dynamic, in-person gathering of IS/IT professionals from across Europe and beyond.

Content Highlights

Expect 2.5 days of world-class content, including expert-led sessions and workshops on critical technology and governance topics: AI, blockchain, digital trust, compliance, cybersecurity, emerging tech, and more.

AI-Focused Workshops:

Advanced in AI Audit™ (AAIA™): A two-day workshop covering the essential concepts and qualifications needed for IT auditors.
Advanced in AI Security Management™ (AAISM™): A companion two-day workshop tailored to security managers preparing for AI security challenges

Continuing Professional Education (CPE) Credits

You can earn up to 32 CPE credits:

18 credits through the main conference.
16 additional credits from attending the AI workshops.

Early-Bird Offers & Group Discounts

Save significantly by registering early—early-bird rates end on August 29.

Groups of five or more enjoy a 25% discount off the standard fee.

Networking & Career Development

This is a prime opportunity to network with industry peers, thought leaders, and decision-makers in IS/IT, cybersecurity, governance, and digital trust.

Expect insights that not only enhance your technical expertise but also equip you for leadership and career growth.

Extra Context: ISACA London Chapter Events

Although not part of the Europe Conference, the ISACA London Chapter often hosts localized events throughout the year (e.g., the annual chapter conference in February). These events offer tailored content and networking for professionals in London, but are typically separate from the ISACA global conferences.

Need Some Help?

Schedule a meeting with us to explore how Demix can guide you to full compliance.

Schedule A Consultation

P: +27 82 590 3660

E: [email protected]

www.demix.org

You can update your preferences or unsubscribe.

View in browser

0 Shares

The September 2025 Issue of the Demix Best Practice Magazine

Welcome, dear Reader, to the September edition of the Demix Monthly Newsletter

Introduction: Cyber Resilience as a Strategic Imperative

In today’s digital economy, cyber resilience is no longer optional…it’s essential.