Search

Glossary

Back to full Glossary

C

Compliance Program

A compliance program is a company's set of internal artifacts (controls, policies, systems, etc.) put into place in order to comply with laws, rules, and regulations or to uphold the business's reputation.

Read More

Control

A control is something you follow as a company, so that you mitigate a potential risk. In TrustCloud, control is the foundational building block of a company’s program.

Read More

D

Data Rooms

Securely Invite customers: By using the Data Rooms feature in TrustShare, sales and security teams now have full control over what documents get shared with each customer, by creating a data room for each customer, where specific documents that need

Read More

E

Evidence

Each piece of evidence provides proof that a company is adhering to its controls. Auditors (and sometimes customers) require a company to provide evidence, so that they can validate that the company is actually meeting the compliance obligations it claims.

Read More

I

ISO 27701

ISO 27701 is a management standard that was published in 2019 in response to the growing need for a global data privacy framework. ISO (the International Organization for Standardization) and the IEC (the International Electrotechnical Commission) developed ISO 27701 as

Read More

P

Policy

A policy is a document that describes the intention of the company.

Read More

Program

A compliance program is a company's set of internal artifacts (controls, policies, systems, etc.) put into place in order to comply with laws, rules, and regulations or to uphold the business's reputation.

Read More

S

Security Posture

An organization's security posture (or cybersecurity posture) is the collective security status of all software, hardware, services, networks, information, vendors and service providers. 

Read More

Security Questionnaire

Security questionnaires are lists of often complex and technical questions, usually compiled by IT teams, to determine a company's security and compliance posture.

Read More

SOC 2 Report

An audit report done by an objective, third-party firm that would be responsible for assessing your cybersecurity practices. All companies that hold customer information throughout their operation should consider scheduling and go through an audit. Depending on the maturity of

Read More

SOC 2 Type I Report

A SOC 2 Type I report examines the controls that govern an entity’s security and other applicable criteria at a point in time. This involves an auditor performing a walkthrough of your processes to understand and attest to the design

Read More

SOC 2 Type II Report

SOC 2 Type II reports assess the efficacy of an entity’s security and other applicable criteria since the last SOC 2 audit. Most SOC 2 reports are renewed annually. However, it is up to the company to decide to go

Read More

SOC Trust Services Criteria (TSC)

There are five Trust Service Criteria (TSC) or Trust Service Principles (TSP) within the SOC 2 framework. All organizations, independent of size, industry, or customer needs pursuing a SOC 2 have to include the Security Criteria. The others are optional

Read More

Subcontractor

A Subcontractor is an entity to whom a Business Associate delegates a function, activity, or service, other than in the capacity of a member of the workforce of the Business Associate. 

Read More

System

A piece of software, either built by the company or purchased from a third-party. All the cloud-based tools that employees use on a daily basis, typically qualify as systems. For example → Salesforce, Slack, JIRA, Miro, AWS S3, Gusto, etc.

Read More

T

Test

A test checks for a single requirement in a control. All controls contain one or more tests, each of which checks for a specific requirement of the control.

Read More

Trust Assurance

Trust Assurance is a brand new approach. Trust Assurance is a crafted, consumer-grade user experience that demystifies compliance. It pairs machine learning with intuitive design to do most of the work for you; embedding accurate testability into every workflow to

Read More

Trust Champion

The person who helps their organization measure and meet its internal compliance obligations. Their actions support revenue-generating activities, protect their organization from legal and contractual liabilities, and enable the organization to confidently and transparently showcase an intentional, robust, and differentiated

Read More

TrustOps

Application that enables continuous compliance automation. TrustOps empowers teams to manage their internal trust operations and achieve one or more security and privacy compliance standards such as SOC 2, HIPAA, ISO 27001, etc.

Read More

TrustShare

An automatically generated, interactive website that TrustCloud customers use as a single place for all trust communication with their prospects and customers. TrustShare confidently showcases your company’s security and compliance hygiene to help you bi-pass completing security questionnaires!

Read More

TrustShare Questionnaires

TrustShare feature that uses Machine Learning to auto-generate accurate answers to security questionnaires.

Read More

U

User

An individual who uses TrustCloud, identified with their email ID. A user may be part of a single team, or multiple teams. Most users belong to a single team.

Read More

V

Vendor

A company that builds and ships a system. For example, Microsoft is the vendor for systems like Azure AD, Confluence, Office 365 etc.

Read More
Trusty

Want to see how to turn GRC into a profit center?

Ready to save time and money on audits, pass security reviews faster, and manage enterprise-wide risk? Let’s talk! 

Learn More
TrustCommunity

The #1 Community for Security, Privacy, and GRC Professionals.

© 2024 TrustCloud Corporation. All rights reserved.
TrustCloud® and TrustOps® are registered trademarks of TrustCloud Corporation.

Facebook Linkedin Youtube Rss

Resources

Platform

TOPICS

ABOUT US

AICPA
Monitored by TrustCloud

💛 Joyfully Crafted to Elevate GRC Leaders into Trust Champions.

OR