Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » COBIT » COBIT domains

COBIT domains

COBIT 4.1 breaks down IT governance and management into four key domains, each focusing on specific areas of IT processes. 

Evaluate, Direct, and Monitor (EDM): EDM forms the major component of the COBIT 5 model and concerns itself with the optimal accomplishment of IT business integration and governance. This domain includes identifying directions for IT’s strategic growth, evaluating outcomes and achievements, and creating guarantees of activities’ conformity to standards and regulations.  

Align, Plan, and Organize (APO): APO, on the other hand, is more focused on turning corporate strategies into executable IT projects. This can be defined as taking and documenting IT choices to coordinate IT actions with a company’s goals.

Build, Acquire, and Implement (BAI): In the BAI domain, more emphasis is placed on the practical implementation of IT projects, from development to procurement and integration. It has some features associated with risk management, quality assurance, and good project work.  

Deliver, Service, and Support (DSS): DSS stands for the management of information technology solutions in organizations after implementation. This entails service provision for an organization’s needs, management of events or occurrences, and support for the total IT services to guarantee their efficiency.  

Monitor, Evaluate, and Assess (MEA): MEA is central to proving continuity toward improving IT governance. It is an ongoing process of monitoring IT processes, IT performance, and even the outcomes of IT governance and management practices.

Additional reading

Chief compliance officer

Becoming a Chief Compliance Officer: Skills, Duties and Pathway

Compliance is a mandate for industries such as healthcare, fintech, information technology, telecommunications and more. Within these sectors, the frameworks’ increasing complexity necessitates meticulous supervision and effective maintenance of the compliance function. Regulatory bodies are getting stricter with enforcement actions, imposing severe penalties and fines in place. Moreover, as businesses expand globally, geographical challenges arise…
Risk assessment tools

Best Risk Assessment Tools for Managing Cyber Risk

Risk assessment is an activity that helps organizations strengthen their security posture. A well-rounded risk assessment process will help you identify potential risks to your compliance, evaluate risk severity, and minimize their impact on business operations and continuity.  It will require more than assessing risk to streamline your security-strengthening process; your organization must also deploy…
PCI Automation_ How To Get Started

PCI Automation: How To Get Started

You’ve worked hard to build trust with your customers and create a solid business, but data security is one of the biggest talking points. Breaches can not only impact customers but can cause them to distrust your business. And this is one of the reasons why you need a PCI DSS (Payment Card Industry Data…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.