Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » PCI DSS » PCI Patch Management

PCI Patch Management

PCI patch management is an important aspect of PCI Requirement 6.2. According to the rule, an auditor should review your company’s policies and procedures to confirm the existence of a patch management process. 

The specific section that addresses the patching is 6.3 – “Security vulnerabilities are identified and addressed.” However, while you can see that the patching is dotted throughout the section, the main requirement is present in point 6.3.3, which states:

All system components must be safeguarded against known vulnerabilities by applying security patches and updates. Critical or high-security patches, determined through a risk ranking process (Requirement 6.3.1), must be installed within one month of release.

When a vulnerability or patch is discovered, you need to assess its risk level, categorizing it as ‘high,’ ‘medium,’ or ‘low.’ This categorization aids in prioritizing and dealing with the most critical issues.

Additional reading

CCPA exceptions [Types of Data and Companies]

TL,DR: The CCPA exempts nonprofits, government agencies, and insurance institutions under IIPPA. For-profit businesses must comply only if meeting thresholds for revenue ($25 million+), data volume (100,000+ consumers), or data sale revenue (50%+) Data-level exemptions cover information already governed by federal laws including HIPAA (health data), GLBA (financial data), FCRA (credit data), DPPA (driver records),…

Risk Management Policy – How to Automate the Process

With risks becoming increasingly interconnected, the risk management process involves many moving parts. As risks often share multiple points of intersection, they can quickly escalate into events that could potentially collapse a business. Reacting to a crisis when you’re already in the midst of it is far from ideal. Forward-thinking businesses know how crucial it…

A Comprehensive Guide to HIPAA Compliance Audit

Whether you are a covered entity or a business associate, receiving a communique from the Office of Civil Rights can be stressful. Hearing from the enforcing authority of HIPAA, one of the most stringent healthcare regulations in the world, sure isn’t what your dreams are made of. But on the off chance you do get…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales