Glossary of Compliance

Our curated compliance glossary offers everything you need to know about compliance in one place.


SOC 2 Access Control

SOC 2 Access Control focuses on how you, as a company, manage and restrict access to your systems and data. The main goal is to prevent unauthorized people from gaining access to sensitive data.

To know more about implementing the SOC 2 access controls, read SOC 2 Controls: All You Need to Know.

Here are the categories that help with managing access control:

Security Control

Security controls mitigate cyber attacks and unauthorized access. This usually requires your systems to have two-factor authentication and web application firewalls in place. The main focus is to let only the right people have access.

Privacy Controls

Privacy Controls are where sensitivity is key. As a cloud company storing customer data, you must communicate your privacy policies to the customer. Consent is king here: collecting sensitive information requires the customer's permission. And remember lawful means: everything must be gathered by the book. Once the data has served its purpose, it's time to bid it farewell and dispose of it properly.

Confidentiality Controls

Confidentiality Controls imply that you must share information securely, and only with the right parties. For example, a confidential medical file must only be shared among the hospitals, pharmacies, and specialists that need it.

The goal is to ensure it falls into the right hands. So, identifying what’s confidential and protecting it until its retention period ends is the name of the game.

Processing Integrity Controls

This control's main goal is to ensure everything runs like clockwork in the system. It's all about achieving the organization's goals through data, focusing on inputs and outputs. Imagine a smooth e-commerce experience: a customer places an order, and voila, prompt delivery.

But beware: outputs should be delivered only to their intended recipients, and any hiccups must be detected and corrected.
