Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » COBIT » COBIT principles

COBIT principles

COBIT 5 is built on five key principles that help organizations manage and govern their IT:

Principle 1: Meeting stakeholder needs
This principle underscores the view that organizational requirements should be aligned with stakeholders’ requirements because organizations are established on such demands. Erosion of trust is mostly about knowing stakeholders and ensuring their demands are in tune with the overall organizational strategy. 

Principle 2: Covering the enterprise end-to-end
COBIT 5 links IT governance with the organizational governance system and comprehensively addresses all information and technology management procedures. It links business flow and IT management and is seen as an opportunity to determine a company’s likely threats.

Principle 3: Applying a single integrated framework
Given the many frameworks and theories available, nothing is better than keeping things as simple as possible. COBIT 5 addresses this by supporting a single integrated framework to improve the organization’s governance and management.

Principle 4: Enable a holistic approach
This principle emphasizes using a wide-angle lens when responding to business risks and opportunities. COBIT 5 is focused on helping organizations shift from confined thinking and embrace an integrated IT governance and management framework.Principle 5: Separate governance from management
The concepts of governance and management need to be separated even if they work hand in hand for the following reasons: COBIT 5 points out that these functions need to be separated but should have a close relationship. Therefore, it becomes easy to contain decision-making processes, particularly if their functions have been defined and authority and accountability are improved.

Additional reading

Vendor risk management checklist

Your Go-To Vendor Risk Management Checklist

Have you heard of supply chain attacks like the infamous SolarWinds incident? Hackers compromised SolarWinds by injecting malicious code into its widely-used Orion IT monitoring and management software, impacting thousands of enterprises and government agencies globally. Such headline-grabbing events have made vendor risk management a hot topic and for good reasons.  If a vendor has…
GDPR compliance cost

​​Compliance Q&A: How much does GDPR compliance cost?

Does GDPR seem like a jigsaw puzzle?We know it can get confusing, but it’s a high-stakes game, and a missing piece can lead to losses of millions of dollars and heavy sanctions.  The latest €1.2 billion fine handed down to Meta by the Irish Data Protection Commissioner is a prime example. High-profile fines like those…
data protection impact assessment

Guide to Conducting a Data Protection Impact Assessment

Key Points Introduction Data Protection Impact Assessment (DPIA) is a part of the EU’s General Data Protection Regulation (GDPR).  For the uninitiated, GDPR is the EU’s new law formed to unify all data protection laws across the European Union.  According to the GDPR Certification, performing DPIA is now mandatory for any cloud-hosted company that launches…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.