Glossary of Compliance
Compliance Glossary
Our curated compliance glossary offers everything you need to know about compliance in one place.
Electronic Document
“Electronic record” means a record, data, or data generated, audio or visuals stored, received, or shared in an electronic form, or on computer-generated microfiche or microfilm.
Additional reading
Ultimate Guide to PCI DSS Training
TL;DR: PCI DSS training is mandatory for every organization processing card transactions, applying to all employees. Requirement 12.6 specifically mandates a training program covering cardholder data security awareness. Three training types exist: Awareness Training (introductory for all staff), Internal Security Assessor (ISA) training for internal audits, and Qualified Security Assessor (QSA) training for certified third-party…
How to implement role-based access control?
TL;DR: RBAC assigns permissions based on job functions rather than individual identity, enforcing the principle of least privilege and preventing privilege creep by resetting access during role changes. SOC 2, ISO 27001, HIPAA, GDPR, and PCI DSS all require controlled access, role-based permissions, periodic reviews, and separation of duties, making RBAC a foundational compliance requirement…
How to Conduct a Gap Analysis for ISO 27001?
TL;DR: An ISO 27001 gap analysis compares your organization’s current security practices against ISO 27001 requirements to identify missing policies, controls, and evidence across people, processes, and technology. The process involves downloading the ISO 27001 standard, assessing your existing controls (data privacy, risk management, access controls) against each requirement, and creating a prioritized remediation plan…