Search

Glossary

Security Posture

An organization's security posture (or cybersecurity posture) is the collective security status of all software, hardware, services, networks, information, vendors and service providers. 

Read More

Security Questionnaire

Security questionnaires are lists of often complex and technical questions, usually compiled by IT teams, to determine a company's security and compliance posture.

Read More

Security Rule (HIPAA)

The Security Rule protects a subset of information covered by the privacy rule, and sets the standard for the protection of electronically stored and transmitted PHI (ePHI). It does so by requiring the implementation of administrative, technical, and physical safeguards.

Read More

SOC 2

SOC 2 is a comprehensive framework applicable to all service providers who store any kind of client data in the cloud or on-prem. Moreover, SOC 2 is the most widely adopted and requested compliance certification for SaaS vendors in the

Read More

SOC 2 Audit Firm

SOC 2 audit firms are regulated by the AICPA, and they are required to be independent CPAs. The SOC 2 auditor you choose to work with will examine your controls (which will include evidence collection) to determine whether they are

Read More

SOC 2 Report

An audit report done by an objective, third-party firm that would be responsible for assessing your cybersecurity practices. All companies that hold customer information throughout their operation should consider scheduling and go through an audit. Depending on the maturity of

Read More

SOC 2 Type I Report

A SOC 2 Type I report examines the controls that govern an entity’s security and other applicable criteria at a point in time. This involves an auditor performing a walkthrough of your processes to understand and attest to the design

Read More

SOC 2 Type II Report

SOC 2 Type II reports assess the efficacy of an entity’s security and other applicable criteria since the last SOC 2 audit. Most SOC 2 reports are renewed annually. However, it is up to the company to decide to go

Read More

SOC Trust Services Criteria (TSC)

There are five Trust Service Criteria (TSC) or Trust Service Principles (TSP) within the SOC 2 framework. All organizations, independent of size, industry, or customer needs pursuing a SOC 2 have to include the Security Criteria. The others are optional

Read More

Subcontractor

A Subcontractor is an entity to whom a Business Associate delegates a function, activity, or service, other than in the capacity of a member of the workforce of the Business Associate. 

Read More

Subservice Organization

If a vendor’s controls, in combination with your organization’s controls, are necessary to achieve your service commitments and system requirements, to meet your SOC 1 objectives, or to fulfill applicable SOC 2 trust services criteria, then the vendor is classified

Read More

System

A piece of software, either built by the company or purchased from a third-party. All the cloud-based tools that employees use on a daily basis, typically qualify as systems. For example → Salesforce, Slack, JIRA, Miro, AWS S3, Gusto, etc.

Read More
Trusty

Want to see how to turn GRC into a profit center?

Ready to save time and money on audits, pass security reviews faster, and manage enterprise-wide risk? Let’s talk! 

Learn More
TrustCommunity

The #1 Community for Security, Privacy, and GRC Professionals.

© 2024 TrustCloud Corporation. All rights reserved.
TrustCloud® and TrustOps® are registered trademarks of TrustCloud Corporation.

Facebook Linkedin Youtube Rss

Resources

Platform

TOPICS

ABOUT US

AICPA
Monitored by TrustCloud

💛 Joyfully Crafted to Elevate GRC Leaders into Trust Champions.

OR