
BCP Testing

Business Continuity Planning (BCP) is the process of establishing preventive and recovery measures so that an enterprise can keep its critical processes running through a disruption, including a cyberattack. A secondary goal of BCP is to maintain operational continuity both before and during the execution of disaster recovery. BCP testing is the exercise of that plan, for example through tabletop walkthroughs or recovery drills, to confirm that the documented procedures work and that recovery objectives can actually be met before a real incident occurs.

The plan covers the protection of personnel and assets, so that operations can be restored quickly after an attack or a loss of data. In short, the basic business continuity requirement is to keep essential functions running during a disaster and to recover with as little downtime as possible. A business continuity plan also accounts for a range of unpredictable events, such as natural disasters, disease outbreaks, fires, cyberattacks, and other external threats.
