Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » SOC 2 » SSAE 18

SSAE 18

SSAE 18 is a set of updates to the SOC (Service Organization Control) report standards, replacing the previous version, SSAE 16, and the older SAS 70 report. These enhancements aim to improve the quality and usefulness of SOC reports. With these updates, companies will be required to take more responsibility for identifying and categorizing risks and properly managing their relationships with third-party vendors. These changes will help address any gaps identified in the reports of many service organizations, although they are relatively manageable.

Additional reading

DORA and Essential Eight: Security Compliance Guide

TL,DR: DORA is a mandatory EU regulation strengthening digital resilience across the financial sector. The Essential Eight is an Australian ASD framework protecting IT networks from cyber threats DORA covers 6 areas: ICT risk management, third-party risk, resilience testing, incident management, information sharing, and provider oversight. Essential Eight addresses application control, patching, macro settings, MFA,…

NIST Privacy Framework: The Ultimate Guide

TL,DR: The NIST Privacy Framework (January 2020) consists of 3 components: Core (activities for privacy protection), Profiles (current and target privacy states), and Implementation Tiers (levels of risk management rigor) The Core is organized into 5 functions: Identify-P (understanding risks), Govern-P (governance structure), Control-P (data processing management), Communicate-P (stakeholder transparency), and Protect-P (data safeguards) Implementation…

SOC 2 Controls: Complete List, Examples, and Requirements for Compliance

TL;DR SOC 2 has no universal controls checklist: organizations design their own to meet the AICPA’s Trust Services Criteria, with Security mandatory and Availability, Confidentiality, Processing Integrity, and Privacy added as needed. The Security category includes nine common criteria: control environment, risk assessment, monitoring, logical access (MFA, RBAC, password policies), physical access, change management, system…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.