Your comprehensive guide to understanding key terms in product compliance and regulatory requirements.
Continuous retrieval of audit artifacts (e.g., access reviews, cloud config snapshots, vulnerability scans) from integrated systems.
Ongoing evaluation of control effectiveness and drift in real time across cloud, identity, code, and endpoints.
Reusing a single control implementation to satisfy requirements across frameworks like SOC 2, ISO 27001, and GDPR.
Public portal showing security posture, certifications, policies, and real‑time status for customers and auditors.
Role‑limited access for external auditors to review scoped evidence and reports during an engagement.
Workflow to document, approve, and track deviations from control requirements with compensating controls and expiration dates.
Creation, approval, versioning, and attestation tracking of security policies and procedures.
Central list of identified risks with likelihood, impact, ownership, and treatment plans.
Periodic certification of user entitlements to verify least‑privilege access across systems.
Single Sign‑On for authentication and System for Cross‑domain Identity Management for automated user provisioning.
ISO 27001 document listing applicable Annex A controls, with justification for inclusion or exclusion.
ISO 27001 set of reference controls used to manage information security risks within an ISMS.
SOC 2 criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy) used to evaluate controls.
Process to request, approve, implement, and document changes to systems and code, often linked to tickets and PRs.
Scanning, triage, remediation, and verification of vulnerabilities across applications and infrastructure.
Independent assessment simulating attacks to evaluate the effectiveness of security controls and identify weaknesses.
Third‑party service providers that process customer data on behalf of a vendor; typically listed in a trust center.
Request submitted under privacy laws (e.g., GDPR) for access, correction, or deletion of personal data.