- AICPA
- Attestation of Compliance (AOC)
- California Consumer Privacy Act
- Compliance as a Service
- Compliance Automation Software
- Compliance Risk Management
- Comprehensive Assessment
- Controls
- Cybersecurity
- GRC
- Information Security Management System (ISMS)
- ISMS Governing Body
- ISO 27001
- ISO 27001 Annex A Controls
- ISO 27001 Security Standard
- Pen Testing
- Policies
- Risk Assessment
- Security Questionnaire
- SOC 1
- SOC 2
- SOC 2 Auditor
- SOC 2+
- SOC 3
- SOC Reports
- SOC Trust Services Criteria (TSC)
- SSAE 16
- SSAE 18
- Statement of Applicability (SoA)
- Vendor Assessment
- Vendor Management Policy
- Vulnerability Management
AICPA »
The American Institute of Certified Public Accountants (AICPA) oversees the System and Organizational Controls (SOC) recommendations and standards for compliance, auditing, and reporting.
Attestation of Compliance (AOC) »
An Attestation of Compliance (AOC) a form used by merchants and service providers to document compliance with the Payment Card Industry Data Security Standard (PCI DSS).
California Consumer Privacy Act »
The California Consumer Privacy Act (CCPA) expands California's data privacy provisions ito increase protection of consumer information.
Compliance as a Service »
Compliance as a service (CaaS) combines cloud-based software and services that enables compliance without prohibitive capital investments.
Compliance Automation Software »
Compliance automation software \uses automation to ease and improve compliance with best practices, regulations, and standards.
Compliance Risk Management »
Compliance risk management is the Identification, assessment, mitigation, and monitoring of the risks of non-compliance with key regulations and standards.
Comprehensive Assessment »
Comprehensive assessment provides detailed information about an organization's adherence to the SOC 2 Trust Services Criteria.
Controls »
Controls are the policies, procedures, processes, and systems employed to meet specific requirements or criteria, such as those for SOC 2 compliance.
Cybersecurity »
Cybersecurity is the coordinated management of people, processes, and technologies in ways that maximize protection of information systems and data from threats and unauthorized access.
GRC »
An acronym for "governance, risk, and compliance" that refers to a consolidated approach to these three critical elements of business management and operations.
Information Security Management System (ISMS) »
An information security management system (ISMS) is a systematic approach to managing information security and customer data protection.
ISMS Governing Body »
A team of senior leaders within an organization responsible for management of that organization's information security management system (ISMS).
ISO 27001 »
ISO 27001 defines requirements from the International Organization for Standardization (ISO) designed to reduce risks to information systems and customer data.
ISO 27001 Annex A Controls »
The 114 security controls from which companies can choose to craft their specific ISO 27001-compliant security strategies.
ISO 27001 Security Standard »
The ISO 27001 Security Standard defines information security management system (ISMS) requirements and best practices for their management.
Pen Testing »
Pen testing is a method for determination of how vulnerable an information infrastructure is to unauthorized access.
Policies »
Policies are formal declarations of how a company addresses specific elements of information system security and compliance with regulations and standards.
Risk Assessment »
Risk assessment is a detailed evaluation of the risks that could affect all elements of the business information infrastructure, with a focus on information systems and critical data.
Security Questionnaire »
A security questionnaire is a tool enterprises use to evaluate the security practices of current and potential business partners.
SOC 1 »
SOC 1 audits focus on a company's financial controls and policies, and are sometimes conducted as first steps toward SOC 2 compliance.
SOC 2 »
SOC 2 audits focus on detailed assessments of measures and policies intended to protect customer data.
SOC 2 Auditor »
A SOC 2 auditor is an independent CPA certified to asses and report on the controls in place at a service organization and the effectiveness of those controls at achieving SOC 2 compliance.
SOC 2+ »
A SOC 2+ report addresses multiple industry standards and regulations beyond the AICPA's System and Organization Controls (SOC) framework.
SOC 3 »
A SOC 3 audit report basically provides a less technically detailed version of the information contained in a SOC 2 report.
SOC Reports »
SOC reports document the results of audits of an organization's compliance with the AICPA's System and Organization Controls (SOC) recommendations and standards.
SOC Trust Services Criteria (TSC) »
Five Trust Services Criteria -- Security, Availability, Processing Integrity, Confidentiality, and Privacy -- make up the foundation of the AICPA's System and Organization Controls (SOC) recommendations, including SOC 2.
SSAE 16 »
SSAE 16 is the Statement on Standards for Attestation Engagements No. 16, a set of AICPA-developed auditing standards and guidance for applying them.
SSAE 18 »
SSAE 18 is the Statement on Standards for Attestation Engagements No. 18, the current successor to SSAE 16.
Statement of Applicability (SoA) »
A Statement of Applicability (SOA) compares the specific elements of an organization's ISMS with the ISO 27001 Annex A control set.
Vendor Assessment »
Vendor assessment is evaluation of the security practices of current and potential vendors.
Vendor Management Policy »
A company's vendor management policy details the security requirements all third-party vendors and business partners must meet.
Vulnerability Management »
Vulnerability management is assessment of the elements of an information system most likely to be subject to a cybersecurity threat or attack.