Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » SOC 2 » Internal Audit

Internal Audit

An internal audit is a type of organizational audit that is conducted by a company’s own employees, rather than by an external third party. The purpose of an internal audit is to evaluate and improve the effectiveness of a company’s internal controls, risk management, and governance processes.

Internal audits may cover a wide range of topics, depending on the needs and goals of the organization. For example, an internal audit might focus on financial reporting, operational efficiency, compliance with laws and regulations, or IT systems and controls.

Additional reading

What Is PHI in HIPAA: 18 Identifiers With Examples (2026)

TL;DR PHI stands for Protected Health Information – in HIPAA, it refers to any health, treatment, or payment data that can be used to identify an individual, whether in written, oral, or electronic form. PHI includes 18 identifiers such as names, addresses, phone numbers, Social Security numbers, email addresses, and full-face photos. Protected Health Information…

DORA and Essential Eight: Security Compliance Guide

TL,DR: DORA is a mandatory EU regulation strengthening digital resilience across the financial sector. The Essential Eight is an Australian ASD framework protecting IT networks from cyber threats DORA covers 6 areas: ICT risk management, third-party risk, resilience testing, incident management, information sharing, and provider oversight. Essential Eight addresses application control, patching, macro settings, MFA,…

Vendor Concentration Risk: What Does Defensible Selection Look Like in 2026?

TL;DR Vendor concentration risk is becoming harder to defend because many critical vendor categories now have only a few viable providers, while AI integrations are increasing how much impact those vendors can have at runtime. Defensible vendor selection now requires organizations to clearly document why specific vendors were chosen, what risks were accepted, and how…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.