Glossary

General Compliance

  • Compliance Software

    What is compliance management software? Compliance has become a hot topic in today’s world. When organizations hear the word “compliance” they tend to think of ways to shortcut this process. Compliance software is the answer to that shortcut and can be essential for organizations looking for more effective and efficient ways to comply with the …

  • Security Compliance

    Overview of security compliance: The concept of security and compliance used in the same sentence has become a common theme in recent years. The word ‘security’ specifically in the information technology arena brings up several topics, especially the relevant risks that are associated with these topics, for example: Access security, Change management security, Data security, Application security, Network security, Cyber …

  • Vendor Management Policy

    Sometimes, a third-party contractor only needs access to certain company databases or permissions. Or, a third party’s services may only be required on certain days of the week. In order to sort out these technicalities, it is necessary for outsourcers to create a vendor management policy statement. What is a vendor management policy? A vendor …

  • Third-Party Risk

    Let’s start off with an example. A company’s offices could follow airtight security practices and have a comprehensive keycard system that keeps unwanted and potentially malicious visitors out. But none of that will matter if one of the hired painters leaves their keycard on the bus, and that card finds itself in the possession of …

  • Self-Assessment Questionnaire (SAQ)

    What is a self-assessment questionnaire? A self-assessment questionnaire (SAQ) is an important step towards auditing success when aiming for compliance of a varying degree based on results from an SAQ assessment. The goal of the questionnaires is to prepare your organization for what the audit will entail and to make sure you are set up …

  • Compliance Program

    As a leader in a developing company, you are well aware that creating a compliance program is something you will have to deal with at some time as you grow. Because industry standards frequently have overlapping criteria, an organization may establish a single policy or a set of rules that meets various needs. It’s vital …

  • Audit Trail

    An audit trail, sometimes referred to as an audit log, is a documented flow of transactions, security-relevant records, or data changes that are date and time stamped. It keeps a sequential record of the history and details around the change. Depending on the area of expertise, audit trails/logs come in different shapes and …

  • Security Management Policy (IS Policy)

    It is a very well-known fact that all organizations require written policies, procedures, and rules in order to achieve compliance. Think about a practical example of building a house. For any solid structure to be developed, you need a solid foundation. The policies are the foundation of an organization. Policies are the principles and …

  • Cloud Security Compliance

    “The Cloud” is terminology that is so commonly used nowadays. Cloud computing refers to the availability of resources required by computer systems, including and specifically related to data storage and computing power without the user/organization having direct management. When we talk about cloud compliance, we are referring to the procedures, policies, and practices that monitor …

  • Compliance Process Automation

    For many companies, meeting security and compliance requirements at the same time can be a daunting task. For one thing, many companies do not have their own compliance capabilities. Rather, the security team does the compliance work. They are responsible for time-consuming audit requests, documenting and making changes to internal controls, etc. The preparation is …

  • Vendor Review

    Nowadays, there is a plethora of vendor tools, services, and products that exist for almost every business requirement and focus area of an organization, and it is often easier and more cost-effective to use a vendor’s established product or service rather than spending the time and money developing your own. However, using one of …

  • Compliance Frameworks

    A set of criteria that is developed by an organization that achieves some objective or outcome with the intended purpose of having some type of benefit to the organization. Compliance frameworks allow you to take parts of your organization’s procedures, policies, and other documentation and compile them all into one cohesive entity. There are always …

  • Data Security Controls

    Data security controls are any parameters used to prevent and safeguard data within your company. Such controls can be in the form of policies, rules, systems, or any other form, for the sake of guaranteeing compliance. Controls conducted outside of a system are called manual controls whereas controls configured within a system that are used to …

  • Data Classification Policy

    A policy that specifies the required tagging of data stored by a company. This data is usually specific in nature such as PCI data, Health Information, and Personally Identifiable Information. If you have ever worked for a large enterprise, you know how daunting it can be to get up to speed on things. Things are …

  • IT Security Policy

    Information Security Policies, also known as IT Security Policies, allow an organization’s management team to implement administrative controls and ensure that standards are set for information security across the organization. The minimum an IT data security policy should include: Purpose; Scope; Information Security Objectives. At a minimum the organization should be reviewing policies and procedures on …

  • Data Compliance

    What is data compliance? Data compliance is a practice and a process. It refers to the adherence to protocols and standards that are designed to safeguard personal data and information. Data compliance requirements and regulations define (1) how data is collected, used, processed, and stored, and (2) the processes to ensure the data is protected …

  • Security Questionnaires

    Security Questionnaires are very common in business-to-business transactions. These often occur before a business decision is made regarding a product or service to be implemented by an organization. Security Questionnaires will often contain questions regarding the security posture of the organization, and if the organization has undergone things such as vulnerability scans, outside …
