Glossary of Compliance


Our curated compliance glossary offers everything you need to know about compliance in one place.


Third Party

The GDPR defines a Third Party as any entity, excluding the data controller, data subject, or processor, who, under authorization of the processor or controller, is allowed to receive and process personal data. A third party is not a processor that works on behalf of the data controller. Third parties are not restricted by the controller; instead, they are allowed to receive and process data any way they deem fit. An example of a third party under the GDPR is a social media plugin that is authorized by the data subject to collect data and process it appropriately.
