AuditLens
Application built for auditors to externally evaluate a company’s compliance program and assess it for adherence to a standard.
Glossary
A
C
Compliance Program
A compliance program is a company's set of internal artifacts (controls, policies, systems, etc.) put into place in order to comply with laws, rules, and regulations or to uphold the business's reputation.
D
Data Rooms
Securely Invite customers: By using the Data Rooms feature in TrustShare, sales and security teams now have full control over what documents get shared with each customer, by creating a data room for each customer, where specific documents that need
E
G
General Data Protection Regulation (GDPR)
This is known to be the toughest privacy and security law. Approved in 2016, and enforced in May 2018 by the EU, it made the already strict European legal environment even more challenging for businesses. It imposes uniform data security
H
HIPAA Rules
There are four rules designed to keep PHI safe and secure, and to properly notify affected parties in case of a data breach: Privacy, Security, Breach Notification, and Omnibus.
I
P
R
Risk Management
Risk management is the process of identifying, assessing, and mitigating potential risks that could negatively impact an organization's objectives, goals, or projects. The objective of risk management is to minimize the likelihood and impact of risks by developing and implementing
S
Security Posture
An organization's security posture (or cybersecurity posture) is the collective security status of all software, hardware, services, networks, information, vendors and service providers.
Security Questionnaire
Security questionnaires are lists of often complex and technical questions, usually compiled by IT teams, to determine a company's security and compliance posture.
SOC 2 Report
An audit report done by an objective, third-party firm that would be responsible for assessing your cybersecurity practices. All companies that hold customer information throughout their operation should consider scheduling and go through an audit. Depending on the maturity of
SOC 2 Type I Report
A SOC 2 Type I report examines the controls that govern an entity’s security and other applicable criteria at a point in time. This involves an auditor performing a walkthrough of your processes to understand and attest to the design
SOC 2 Type II Report
SOC 2 Type II reports assess the efficacy of an entity’s security and other applicable criteria since the last SOC 2 audit. Most SOC 2 reports are renewed annually. However, it is up to the company to decide to go
SOC Trust Services Criteria (TSC)
There are five Trust Service Criteria (TSC) or Trust Service Principles (TSP) within the SOC 2 framework. All organizations, independent of size, industry, or customer needs pursuing a SOC 2 have to include the Security Criteria. The others are optional
Subcontractor
A Subcontractor is an entity to whom a Business Associate delegates a function, activity, or service, other than in the capacity of a member of the workforce of the Business Associate.
Subservice Organization
If a vendor’s controls, in combination with your organization’s controls, are necessary to achieve your service commitments and system requirements, to meet your SOC 1 objectives, or to fulfill applicable SOC 2 trust services criteria, then the vendor is classified
T
Team (or “Account”)
A single customer’s instance of TrustCloud. “Team” roughly equates to a company, or an Organization Unit within a company.
Third-Party Vendor
A third party vendor is a person or company that provides services for another company (or that company's customers).
Trust Assurance
Trust Assurance is a brand new approach. Trust Assurance is a crafted, consumer-grade user experience that demystifies compliance. It pairs machine learning with intuitive design to do most of the work for you; embedding accurate testability into every workflow to
Trust Champion
The person who helps their organization measure and meet its internal compliance obligations. Their actions support revenue-generating activities, protect their organization from legal and contractual liabilities, and enable the organization to confidently and transparently showcase an intentional, robust, and differentiated
TrustRegister
Predictive intelligence to eliminate manual, unreliable processes and optimize your risk management program. TrustRegister helps you identify risks, streamline remediation, and assess business impact so you can maintain a proactive program - good riddance to that pesky spreadsheet
TrustShare
An automatically generated, interactive website that TrustCloud customers use as a single place for all trust communication with their prospects and customers. TrustShare confidently showcases your company’s security and compliance hygiene to help you bi-pass completing security questionnaires!
TrustShare Questionnaires
TrustShare feature that uses Machine Learning to auto-generate accurate answers to security questionnaires.
