Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » SOC 2 » Privacy


Privacy is one of the five trust service criteria of SOC 2. It is information an entity collects, uses, retains, discloses, and disposes to meet its objectives. 

The privacy principle aims to service organizations who handle sensitive personal information do so in a responsible and trustworthy manner. They should have appropriate controls in place to protect the privacy of individuals. This principle guides organizations to handle privacy based on the following:

– Notice and communication of objectives

– Choice and consent

– Collection

– Use, retention, and disposal

– Access

– Disclosure and notification

– Quality

– Monitoring and enforcement

Additional reading

Cloud security audit

What is Cloud Security Audit [Complete Checklist]

Malicious actors target sections where the bulk of data reside. As more processes, applications, and information sit on the cloud, it inevitably attracts cybercriminals. A cloud security audit can help to accelerate response and mitigation capabilities.  This article covers what cloud security audit means, its objective, what to ensure to be audit ready, its challenges,…
ISO 27001 Vulnerability Management

ISO 27001 Vulnerability Management + (Free Controls List)

Staying vigilant can go a long way in preventing risk. A number of threats are known to the organization and can be prevented by implementing simple measures such as strong passwords and firewall configurations. Some others may require more complex measures, constituting a strong security posture. ISO 27001 vulnerability management, therefore, aims to proactively address…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.