Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » COBIT » COBIT domains

COBIT domains

COBIT 4.1 breaks down IT governance and management into four key domains, each focusing on specific areas of IT processes.

Evaluate, Direct, and Monitor (EDM): EDM forms the major component of the COBIT 5 model and concerns itself with the optimal accomplishment of IT business integration and governance. This domain includes identifying directions for IT’s strategic growth, evaluating outcomes and achievements, and creating guarantees of activities’ conformity to standards and regulations.

Align, Plan, and Organize (APO): APO, on the other hand, is more focused on turning corporate strategies into executable IT projects. This can be defined as taking and documenting IT choices to coordinate IT actions with a company’s goals.

Build, Acquire, and Implement (BAI): In the BAI domain, more emphasis is placed on the practical implementation of IT projects, from development to procurement and integration. It has some features associated with risk management, quality assurance, and good project work.

Deliver, Service, and Support (DSS): DSS stands for the management of information technology solutions in organizations after implementation. This entails service provision for an organization’s needs, management of events or occurrences, and support for the total IT services to guarantee their efficiency.

Monitor, Evaluate, and Assess (MEA): MEA is central to proving continuity toward improving IT governance. It is an ongoing process of monitoring IT processes, IT performance, and even the outcomes of IT governance and management practices.

Additional reading

Blogs FISMA

What is FISMA Compliance – 7 FISMA Compliance Checklist

FISMA, or the Federal Information Security Management Act, was introduced in 2002 (and updated in 2014) to improve the cybersecurity of federal systems. It requires all US federal agencies to create security plans to protect their networks. In simple terms, it makes cybersecurity a must-have for government agencies, ensuring their IT systems are secure and…

Blogs Cloud compliance

Compliance Testing 101: How To Bulletproof Your Compliance Program?

Struggling with compliance testing? Unsure about the best methodology to use? Don’t worry—this guide is here to help you go through the process with confidence. Unlike audits, which are often required by law, compliance testing is a proactive self-check. It’s a valuable tool for identifying and addressing gaps in your compliance program before an official…

Quantum computing & Post-quantum Cryptography_ How GRC leaders are preparing for this decade's Y2K_

Blogs Cybersecurity General

Quantum computing & Post-quantum Cryptography: GRC’s Y2K Moment?

Imagine a world where your personal messages, health records, banking transactions, and confidential information are exposed in seconds because someone could break the encryption methods you trust. A decade ago, this would have seemed like a sci-fi plot, but today, it has the potential to become a very real possibility. As we look toward 2025,…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales