Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » SOC 2 » SOC 2

SOC 2

SOC 2 is a type of audit that assesses the controls of a service organization relevant to the security, availability, processing integrity, confidentiality, and privacy of the service organization’s systems. The purpose is to evaluate the controls pertinent to these five trust services criteria and assure that the controls operate effectively. The service organization’s clients and auditors use the audit report. 

An independent accounting firm conducts a SOC 2 audit, following the standards set by the American Institute of Certified Public Accountants (AICPA). Demonstrating effective controls helps you build trust with clients and shows commitment to maintaining its systems’ security, availability, processing integrity, confidentiality, and privacy.

Additional reading

Beginners Guide to IT Governance Audit

Have you ever found yourself pulled in different directions by organizational priorities, only to later face the repercussions of system downtime, technical vulnerabilities, or continuity issues? As a CIO, these challenges not only impact your IT department but can also reverberate throughout the entire organization, affecting customer satisfaction and operational efficiency. One crucial safeguard against…

Balancing Risk vs Reward in GRC AI

TL,DR: AI risks in GRC include data poisoning (manipulating training data), transfer learning attacks (exploiting pre-existing models), output integrity attacks (modifying ML outcomes), supply chain attacks (injecting malicious components), model inversion (stealing sensitive training data), and privacy breaches Managing AI risks requires conducting AI-specific risk assessments, implementing data validation pipelines, establishing human oversight for AI-generated…

HIPAA Certification Cost [Updated 2026 + Free Checklist Download]

TL;DR There is no official government-issued HIPAA certification, and costs vary by whether you’re seeking individual training credentials or building an organizational compliance program. Individual HIPAA training certifications validate understanding of the Privacy, Security, and Breach Notification rules through online courses, with cost varying by provider and course depth. Organizational compliance requires a mandatory Security…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.