Glossary of Compliance

Our curated compliance glossary offers everything you need to know about compliance in one place.

Privacy

Privacy is one of the five trust services criteria of SOC 2 (alongside security, availability, processing integrity, and confidentiality). It covers personal information that an entity collects, uses, retains, discloses, and disposes of to meet its objectives.

The privacy principle requires service organizations that handle personal information to do so in a responsible and trustworthy manner, with appropriate controls in place to protect the privacy of the individuals the information is about. The criteria organize these controls under the following categories:

– Notice and communication of objectives

– Choice and consent

– Collection

– Use, retention, and disposal

– Access

– Disclosure and notification

– Quality

– Monitoring and enforcement
