
PCI Patch Management

PCI patch management is an important aspect of PCI Requirement 6.2. According to the rule, an auditor should review your company’s policies and procedures to confirm the existence of a patch management process. 

The section that addresses patching is 6.3, “Security vulnerabilities are identified and addressed.” Patching is referenced throughout that section, but the main requirement is in point 6.3.3, which states:

All system components must be safeguarded against known vulnerabilities by applying security patches and updates. Patches ranked critical or high through the risk ranking process (Requirement 6.3.1) must be installed within one month of release.

When a vulnerability is discovered or a patch is released, you need to assess its risk level, categorizing it as ‘high,’ ‘medium,’ or ‘low.’ This categorization aids in prioritizing the most critical issues and dealing with them first.
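As an added example (not from the original page or any PCI Council material), the check below turns the process above into something an auditor can be shown: it takes a constructed export of pending patches, each carrying the risk rank assigned under 6.3.1, and flags every critical or high patch older than the one-month window in 6.3.3. The 90-day window for medium and low patches is an assumption standing in for the entity-defined time frame.

```python
from datetime import date, timedelta

# Requirement 6.3.3: patches ranked critical or high under 6.3.1 are installed
# within one month of release. Modelled here as a 30-day window.
CRITICAL_HIGH_DEADLINE = timedelta(days=30)
URGENT_RANKS = {"critical", "high"}

# Constructed sample export from a patch-management tool. Hosts, patch ids and
# dates are made up for illustration; the "rank" column is the 6.3.1 risk rank.
PENDING_PATCHES = [
    {"host": "pos-db-01",  "patch": "PATCH-A", "rank": "critical", "released": date(2024, 5, 1)},
    {"host": "pos-web-02", "patch": "PATCH-B", "rank": "high",     "released": date(2024, 5, 20)},
    {"host": "pos-web-02", "patch": "PATCH-C", "rank": "medium",   "released": date(2024, 3, 1)},
    {"host": "jump-01",    "patch": "PATCH-D", "rank": "low",      "released": date(2024, 1, 10)},
]

# Assumed review date and assumed entity-defined window for medium/low patches.
AS_OF = date(2024, 6, 10)
OTHER_DEADLINE = timedelta(days=90)


def patch_deadline(rank, released, other_deadline=None):
    """Date by which a patch must be installed, or None when the entity has not
    defined a time frame for lower-ranked patches (PCI DSS leaves that to the entity)."""
    if rank.lower() in URGENT_RANKS:
        return released + CRITICAL_HIGH_DEADLINE
    return released + other_deadline if other_deadline else None


def overdue_patches(pending, today, other_deadline=None):
    """List pending patches whose deadline has passed as of `today`.

    Findings are sorted critical/high first, then by days overdue, so the
    largest 6.3.3 gaps surface at the top of the report.
    """
    findings = []
    for p in pending:
        deadline = patch_deadline(p["rank"], p["released"], other_deadline)
        if deadline is not None and today > deadline:
            findings.append({
                "host": p["host"], "patch": p["patch"], "rank": p["rank"],
                "days_overdue": (today - deadline).days,
            })
    findings.sort(key=lambda f: (f["rank"].lower() not in URGENT_RANKS, -f["days_overdue"]))
    return findings


if __name__ == "__main__":
    for f in overdue_patches(PENDING_PATCHES, AS_OF, OTHER_DEADLINE):
        print(f"{f['host']}: {f['patch']} ({f['rank']}) overdue by {f['days_overdue']} days")
```

Feeding the real scanner or patch-tool export into `PENDING_PATCHES` gives the evidence list an assessor asks for when verifying 6.3.3, with the 6.3.1 ranking visible on each row.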
