Glossary of Compliance

Our curated compliance glossary offers everything you need to know about compliance in one place.

IaaS

Infrastructure as a Service (IaaS) is a cloud computing service that provides customers with access to computing infrastructure (such as servers, storage, and networking) on a pay-per-use basis. IaaS enables customers to rent or lease infrastructure resources on an as-needed basis rather than purchasing and maintaining their own in-house infrastructure.

With IaaS, customers can scale their infrastructure up or down as their needs and requirements change. This can be more cost-effective than maintaining in-house infrastructure, as customers only pay for the resources they consume.

IaaS is a popular choice for organizations that want to outsource the management and maintenance of their infrastructure to a cloud service provider so that they can focus on their core business.
