Your security and compliance glossary

Compliance risk management describes an organization’s strategy for managing the risk of non-compliance with pertinent regulations. Find out more now!

The five Trust Services Criteria comprise the evaluation structure of a SOC 2 audit and report. Find out more about the trust services criteria now!

SOC auditors are CPAs who work with the SOC suite to evaluate and report on the controls in place at an organization. Find out more about SOC auditors now.

The AICPA is the originator of the SOC (System and Organization Controls) audit and reporting standards. Find out more about the AICPA now!

SSAE 18 is a series of enhancements aimed to increase the usefulness and quality of SOC reports, now, superseding SSAE 16. Find out more about SSAE 18 now.

SSAE 16 is a set of auditing standards and guidance on using the standards, published by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). Find out more about SSAE 16 now.

A SOC 3 Report covers the same basic materials and concerns of a SOC 2 Report, but it only distributes the auditor’s report without including description of the tests and their results. Find out more about SOC 3 now.

SOC 2 compliance defines controls for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy. Find out more about SOC 2 now.

A SOC 1 report is documentation of the internal controls that are likely to be relevant to an audit of a customer's financial reporting. Find out more about SOC 1 now.

A service organization controls (SOC) report is a way to verify that an organization is following specific best practices related to protecting their clients’ data. Find out more about SOC reports now.