Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » PCI DSS » PCI DSS Standards

PCI DSS Standards

The PCI Data Security Standard (PCI DSS) safeguards cardholder data and sensitive authentication information when processed, stored, or transmitted. The PCI DSS universe is built of 3 important components. They are:

PCI Data Security Standard (PCI DSS)

This component applies to any company that deals with cardholder data, whether it’s storing, processing, or transmitting it. It covers the technical and operational aspects of systems connecting to cardholder data. If your business handles payment cards in any way, you must comply with PCI DSS to ensure data security.

Payment Application Data Security Standard (PA-DSS)

PA-DSS is mainly for software developers and integrators who create applications that are about cardholder data. It also covers applications you sell, distribute, or license to third parties.

PIN Entry Device Security Requirements (PCI PED) 

PCI PED is mainly for manufacturers who create and manage personal identification number (PIN) entry terminals used in financial transactions. PCI PED specifies these devices’ security requirements and ensures you securely handle PINs.

Additional reading

Ensuring GDPR Compliance for Your Startup

“Startups are focused on acquiring customers and getting investment, and whilst they probably “should” care about data protection, they always have other priorities which are more pressing and urgent.” – Anthony Rose, CEO, SeedLegals It’s true that, as a startup, your main focus should be on your customers and funding. Compliance is not one of…

How To Define Your SOC 2 Scope

TL;DR SOC 2 scope defines the parameters for evaluating internal controls, covering services, systems, policies, processes, and people assessed against 5 trust principles: security, availability, processing integrity, confidentiality, and privacy Preparing scope follows key steps: choose relevant Trust Service Criteria based on customer expectations, identify in-scope systems and infrastructure, define organizational boundaries, document subservice organizations,…

ISO 42001 Training: A Complete Guide (2026 Updated)

TL;DR ISO 42001 training explains how to apply the AI governance standard across teams. It breaks down the roles, responsibilities, and controls required to meet audit expectations. The training helps clarify ownership, speed up audit prep, and align technical and compliance teams working on AI systems. There are different types of ISO 42001 training. Awareness…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.