Glossary

  • Security Management Policy (IS Policy)

    It is well known that every organization needs written policies, procedures, and rules in order to achieve compliance. Consider the practical example of building a house: any solid structure needs a solid foundation, and policies are the foundation of an organization. Policies are the principles and …

  • Cloud Security Compliance

    “The cloud” is a term in common use nowadays. Cloud computing refers to the on-demand availability of computer system resources, especially data storage and computing power, without the user or organization having direct management of the underlying infrastructure. When we talk about cloud compliance, we are referring to the procedures, policies, and practices that monitor …

  • Compliance Process Automation

    For many companies, meeting security and compliance requirements at the same time can be a daunting task. For one thing, many companies do not have a dedicated compliance function; instead, the security team does the compliance work. They are responsible for time-consuming audit requests, documenting and changing internal controls, and so on. The preparation is …

  • Vendor Review

    Nowadays there is a plethora of vendor tools, services, and products for almost every business requirement and focus area of an organization, and it is often easier and more cost-effective to use a vendor’s established product or service than to spend the time and money developing your own. However, using one of …

  • SOC 2 Auditor

    A licensed CPA, working under the AICPA’s attestation standards, who can attest to and report on whether an organization’s controls were suitably designed and, for a Type II report, operated effectively throughout the audit period. In every SOC 2 attestation engagement there is a shared responsibility model between you as the lead implementer, the service auditor, and …

  • ISO 27001 Security Standard

    A standard published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), first released in 2005 and revised in 2013 and 2022. Certification against the standard is voluntary, but it provides a certification process that is very likely to help win business. Most Fortune 500 companies want to know that the companies they are doing business …

  • Compliance Frameworks

    A set of criteria developed by an organization to achieve an objective or outcome that is intended to benefit the organization. Risk frameworks are intended to minimize risk within an organization, whereas a governance framework is intended to drive process changes and ensure that management is achieving …

  • Data Security Controls

    Controls used to protect data that an organization is responsible for safeguarding under laws, regulations, and compliance requirements. Data security controls come in a wide variety of control sets and types. One example is data loss prevention (DLP), also known as data leak prevention. This is usually a software or hardware …

  • Data Classification Policy

    A policy that specifies how data stored by a company must be tagged. This data is usually specific in nature, such as cardholder data (PCI), protected health information, and personally identifiable information (PII). If you have ever worked for a large enterprise, you know how daunting it can be to get up to speed. Things are …

  • SOC 2 Type II Report

    Developed by the AICPA, a SOC 2 Type II report is an attestation of the design and operating effectiveness of an organization’s controls over a review period, assessed against one or more of the five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. A SOC 2 report is common among SaaS solutions that process, transmit, and store confidential information. Oftentimes organizations are finding that they need a SOC …

  • IT Security Policies

    Information Security Policies, also known as IT Security Policies, allow an organization’s management team to implement administrative controls and ensure that standards are set for information security across the organization. At a minimum, an IT security policy should include a Purpose, a Scope, and Information Security Objectives. At a minimum the organization should be reviewing policies and …

  • ISO 27000 Compliance

    The ISO 27000 series is a family of information security standards. It includes ISO 27001, 27002, 27003, 27004, 27005, and 27006:

    ISO 27001: ISMS requirements
    ISO 27002: ISMS controls
    ISO 27003: ISMS implementation guidance
    ISO 27004: ISMS monitoring and measurement
    ISO 27005: Information security risk management
    ISO 27006: Requirements for bodies that audit and certify an ISMS

    These standards assist organizations in implementing best practices for …

  • Data Compliance

    Although there are many different compliance frameworks across the information technology sector, data compliance is best summarized as the way information technology firms and businesses ensure that information is safeguarded and processed only as the law allows, and that records pertaining to an individual or organization are protected and, where required, de-identified. Common data …

  • Security Questionnaires

    Security questionnaires are very common in business-to-business transactions. They are usually completed before a business decides whether to adopt a product or service. Security questionnaires typically contain questions about the security posture of the organization and whether it has undergone activities such as vulnerability scans, outside …
