Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » SOC 2 » Quality Report

Quality Report

A SOC 2 quality report is a document that service organizations use to demonstrate that they have adequate controls, policies, and processes in place to secure customer data. These controls are related to the five trust principles: security, availability, processing integrity, confidentiality, and privacy. Security is the most important and compulsory criterion, while others can be audited for compliance based on business needs. 

The report is provided by a CPA (Certified Public Accountant) firm. There are two types of report – Type 1 and Type 2. A Type 1 report provides a snapshot of the service organization’s controls at a specific point in time. A Type 2 report provides a snapshot of the service organization’s controls over a longer period of time, generally six months or longer.

Additional reading

Limitations of Internal Controls

9 Limitations of Internal Controls And How to Mitigate Them

Internal controls are the building blocks of a company’s security posture. They shape the company’s security architecture and they can often be the difference between a secure company and a vulnerable one.  A recent study suggested that about 68% of occupational fraud occurred due to reasons relating to internal control loopholes—the reasons ranging from a…
Compliance audit

Compliance Audit: Types, Detailed Process, & Best Practices

Negligence in cybersecurity costs more than regulatory fines. It erodes your customer’s trust. This is precisely why most regulatory bodies, such as the International Organization for Standardization (ISO), PCI Security Standards Council (PCI SSC), or General Data Protection Regulation (GDPR), recommend a thorough compliance audit—aptly put, an assessment of your company’s first line of defense. …
Vendor risk management checklist

Your Go-To Vendor Risk Management Checklist

Have you heard of supply chain attacks like the infamous SolarWinds incident? Hackers compromised SolarWinds by injecting malicious code into its widely-used Orion IT monitoring and management software, impacting thousands of enterprises and government agencies globally. Such headline-grabbing events have made vendor risk management a hot topic and for good reasons.  If a vendor has…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales