Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » SOC 2 » SOC 2

SOC 2

SOC 2 is a type of audit that assesses the controls of a service organization relevant to the security, availability, processing integrity, confidentiality, and privacy of the service organization’s systems. The purpose is to evaluate the controls pertinent to these five trust services criteria and assure that the controls operate effectively. The service organization’s clients and auditors use the audit report. 

An independent accounting firm conducts a SOC 2 audit, following the standards set by the American Institute of Certified Public Accountants (AICPA). Demonstrating effective controls helps you build trust with clients and shows commitment to maintaining its systems’ security, availability, processing integrity, confidentiality, and privacy.

Additional reading

Mastering Internal Control Risk Assessment: Key steps to strengthen your business

As forward-thinking businesses focus on maximizing value, they recognize that risk must inform every decision, as it can enhance, maintain, or compromise value. However, instead of trying to eliminate or avoid risks entirely, they manage risk exposure to strike the right balance.  Such an approach stems from the understanding that risk is a part of…

Partnership Announcement: SprintoGRC and Aikido Security

SprintoGRC, a modern-age GRC Platform, announces a strategic partnership with Aikido Security, a developer-centric software security platform trusted by over 6,000 teams, from startups to global enterprises. The all-in-one platform centralizes essential code and cloud security scans, and shows you what vulnerabilities matter, and how to fix them, fast.  Most security professionals deal with two…

Risk Appetite vs. Risk Tolerance: Decoding the Differences

When it comes to risk management, even seasoned veterans can mix up terminology—there are a myriad of terms that are meaning-adjacent. A prime example is the misuse of “risk appetite” and “risk tolerance” as interchangeable terms, or even misapplying them entirely. However, It’s only when these two terms are well understood that security teams can…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales