Your security and compliance glossary

An ISO 27001 Risk Assessment helps an organization identify weaknesses in its security processes and procedures.

Trying to find the answer to What is an ISO 27001 nonconformity? Vanta's got you covered. Click here to learn more about ISO 27001 nonconformities.

The ISO 27001 management review ensures an an organization’s Information Security Management System (ISMS) and its objectives continue to remain appropriate and effective given the organization’s purpose, issues, and risks around its information assets.

Trying to find the answer to What are ISO 27001 key performance indicators (KPIs)? Vanta's got you covered. Click here to learn more about ISO 27001 KPIs.

An ISO 27001 internal audit examines an organization’s Information Security Management System (ISMS) before undergoing an ISO audit with an external auditor.

An ISMS governing body is a team with management oversight, composed of key members of top management—typically defined as senior leadership and executive management responsible for strategic decisions and resource allocation—from within the organization.

ISMS is a systematic approach to managing an organization’s information security.

Annex A of the ISO 27001 standard is a list of security controls that organizations can use to improve the security of their information assets.

Protected health information (PHI) is health data that is created, received, stored, or transmitted by HIPAA-covered entities. Find out more about PHI now!

A HIPAA breach is the acquisition, access, use, or disclosure of PHI in a manner not permitted by HIPAA regulations. Find out more about HIPAA breaches now.