Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary Β» PCI DSS Β» PCI Patch Management

PCI Patch Management

PCI patch management is an important aspect of PCI Requirement 6.2. According to the rule, an auditor should review your company’s policies and procedures to confirm the existence of a patch management process. 

The specific section that addresses the patching is 6.3 – “Security vulnerabilities are identified and addressed.” However, while you can see that the patching is dotted throughout the section, the main requirement is present in point 6.3.3, which states:

All system components must be safeguarded against known vulnerabilities by applying security patches and updates. Critical or high-security patches, determined through a risk ranking process (Requirement 6.3.1), must be installed within one month of release.

When a vulnerability or patch is discovered, you need to assess its risk level, categorizing it as ‘high,’ ‘medium,’ or ‘low.’ This categorization aids in prioritizing and dealing with the most critical issues.

Additional reading

GDPR Cookie Consent: Protecting User Privacy and Data

Key Points Introduction Cloud-hosted companies that operate websites with global traffic must know about GDPR and cookies. In May 2020, the EU released an update to clarify their specific position around cookie usage.  Cookies give important insights to companies about the activity of their website visitors.Cookies are small files sent by websites to the visitor’s…

How to Choose Your SOC 2 Trust Principles: A Framework for SaaS Leaders

TL;DR SOC 2 is built on 5 Trust Services Criteria (TSC) defined by the AICPA. Security is the only mandatory one; Availability, Confidentiality, Privacy, and Processing Integrity are optional. Together, these criteria determine your audit scope and the controls your organization must prove. The optional TSCs are chosen based on your product and customer expectations….

Mastering Document Control Procedure: Steps for enhanced access, efficiency and compliance

1 in 4 employees spends 2-3 hours searching for a document, disrupting productivity and undermining workflow efficiency. Despite a growing focus on strengthening data governance, many organizations overlook a critical element: a structured document control procedure. Effective data governance relies on two key pillarsβ€”strong data hygiene practices and an efficient document control system. Without these, even…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales