
Product Compliance Glossary

Your comprehensive guide to understanding key terms in product compliance and regulatory requirements.

Security Compliance

Automated Evidence Collection

Continuous retrieval of audit artifacts (e.g., access reviews, cloud config snapshots, vulnerability scans) from integrated systems.

Continuous Monitoring

Ongoing, automated evaluation of whether controls are still operating as intended, and detection of drift away from the approved configuration, across cloud, identity, code, and endpoints, rather than a point-in-time check at audit time.
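The two entries above describe collecting evidence (a cloud configuration snapshot) and evaluating a control against it continuously. The following is an added example, not code from the page or from ComplyOps: it evaluates one hypothetical control ("no administrative port is reachable from the internet") against two constructed security-group snapshots and reports what drifted between them. The snapshot format, group names and port list are assumptions made for the example.

```python
"""Control check plus drift detection over collected evidence.

Constructed sample snapshots (not from a real cloud account). The shape
loosely resembles a security-group rule listing but is a hypothetical format.
"""
import ipaddress

# Hypothetical evidence: security-group rules captured at two points in time.
SNAPSHOT_T0 = {
    "sg-web": [{"port": 443, "cidr": "0.0.0.0/0"}],
    "sg-bastion": [{"port": 22, "cidr": "10.0.0.0/8"}],
}
SNAPSHOT_T1 = {
    "sg-web": [{"port": 443, "cidr": "0.0.0.0/0"}],
    # Drift: someone opened SSH to the whole internet.
    "sg-bastion": [{"port": 22, "cidr": "10.0.0.0/8"},
                   {"port": 22, "cidr": "0.0.0.0/0"}],
}

ADMIN_PORTS = {22, 3389}  # assumed list of ports the control protects


def rule_is_public(rule):
    """True when the CIDR is the whole address space (0.0.0.0/0 or ::/0)."""
    net = ipaddress.ip_network(rule["cidr"], strict=False)
    return net.prefixlen == 0


def check_no_public_admin_ports(snapshot):
    """Control test: admin ports must not be reachable from the internet.

    Returns (group, port, cidr) violations; an empty list means the control passes.
    """
    violations = []
    for group, rules in snapshot.items():
        for rule in rules:
            if rule["port"] in ADMIN_PORTS and rule_is_public(rule):
                violations.append((group, rule["port"], rule["cidr"]))
    return violations


def drift(before, after):
    """Rules added or removed between two snapshots, keyed by group name."""
    changes = {}
    for group in sorted(set(before) | set(after)):
        old = {(r["port"], r["cidr"]) for r in before.get(group, [])}
        new = {(r["port"], r["cidr"]) for r in after.get(group, [])}
        if old != new:
            changes[group] = {"added": sorted(new - old), "removed": sorted(old - new)}
    return changes


if __name__ == "__main__":
    print("t0 violations:", check_no_public_admin_ports(SNAPSHOT_T0))
    print("t1 violations:", check_no_public_admin_ports(SNAPSHOT_T1))
    print("drift:", drift(SNAPSHOT_T0, SNAPSHOT_T1))
```

Running the control test on every new snapshot, and diffing each snapshot against the last one, is the mechanical core of continuous monitoring: the second snapshot fails the control, and the drift report points at exactly which rule changed.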

Control Mapping

Mapping one implemented control to every requirement it satisfies across frameworks (for example SOC 2 criteria, ISO 27001 Annex A controls, and GDPR obligations) so the control is implemented and evidenced once rather than separately per framework.

Trust Center

Public portal showing security posture, certifications, policies, and real‑time status for customers and auditors.

Audit

Auditor Access

Role‑limited access for external auditors to review scoped evidence and reports during an engagement.

Governance

Exception Management

Workflow to document, approve, and track deviations from control requirements with compensating controls and expiration dates.

Policy Management

Creation, approval, versioning, and attestation tracking of security policies and procedures.

Risk

Risk Register

Central list of identified risks with likelihood, impact, ownership, and treatment plans.

Identity

Access Reviews

Periodic certification by owners or managers that each user's entitlements are still needed and appropriate, with unneeded access removed, to maintain least‑privilege access across systems.

SSO / SCIM

Single Sign‑On for centralized authentication and System for Cross‑domain Identity Management for automated user provisioning, attribute updates, and deprovisioning, so access is removed promptly when someone leaves or changes role.
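The Access Reviews and SSO / SCIM entries above both come down to one comparison: what the identity source of truth says a person should have versus what a system actually grants. The following is an added example, not code from the page or from ComplyOps, that performs that comparison over constructed data. The role-to-entitlement baseline, the user records and the grants are all hypothetical; in practice the user records would come from the IdP via SCIM and the grants from the target system.

```python
"""Access-review drift check against a least-privilege role baseline.

Constructed sample data (not from any real IdP or application).
"""
from dataclasses import dataclass, field

# Hypothetical least-privilege baseline: the entitlements each role may hold.
ROLE_ENTITLEMENTS = {
    "engineer": {"repo:read", "repo:write", "ci:run"},
    "sre": {"repo:read", "ci:run", "prod:deploy", "prod:ssh"},
    "support": {"tickets:read", "tickets:write"},
}

# What the IdP / HR system would push over SCIM.
IDP_USERS = {
    "alice": {"role": "engineer", "active": True},
    "bob": {"role": "sre", "active": True},
    "carol": {"role": "support", "active": False},  # offboarded; SCIM should have deprovisioned
}

# What the target application actually grants today.
SYSTEM_GRANTS = {
    "alice": {"repo:read", "repo:write", "ci:run", "prod:deploy"},  # prod:deploy exceeds role
    "bob": {"repo:read", "ci:run", "prod:deploy", "prod:ssh"},
    "carol": {"tickets:read", "tickets:write"},  # orphaned: user inactive in IdP
    "svc-build": {"ci:run"},  # not managed by the IdP at all
}


@dataclass
class ReviewFinding:
    user: str
    kind: str  # "orphaned", "unknown_account", or "excess"
    entitlements: set = field(default_factory=set)


def review_access(idp_users, system_grants, role_entitlements):
    """Return the findings a reviewer must act on.

    - orphaned: account still has grants although the IdP marks the user inactive
    - unknown_account: grants exist for an identity the IdP does not know
    - excess: active user holds entitlements outside their role baseline
    Users whose grants match their role produce no finding.
    """
    findings = []
    for user, grants in sorted(system_grants.items()):
        record = idp_users.get(user)
        if record is None:
            findings.append(ReviewFinding(user, "unknown_account", set(grants)))
            continue
        if not record["active"]:
            findings.append(ReviewFinding(user, "orphaned", set(grants)))
            continue
        # Unknown role: baseline is empty, so every grant is treated as excess.
        allowed = role_entitlements.get(record["role"], set())
        excess = set(grants) - allowed
        if excess:
            findings.append(ReviewFinding(user, "excess", excess))
    return findings


def summarize(findings):
    """Compact {user: (kind, sorted entitlements)} view for a review report."""
    return {f.user: (f.kind, sorted(f.entitlements)) for f in findings}


if __name__ == "__main__":
    for user, (kind, ents) in summarize(
        review_access(IDP_USERS, SYSTEM_GRANTS, ROLE_ENTITLEMENTS)
    ).items():
        print(f"{user:10} {kind:16} {', '.join(ents)}")
```

The three finding kinds map to the three failure modes an access review is meant to catch: deprovisioning that did not happen (orphaned), accounts created outside the identity pipeline (unknown account), and privilege creep on otherwise legitimate users (excess). A user with an unrecognised role is treated conservatively, with every grant flagged, rather than silently passed.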

ISO 27001

SoA (Statement of Applicability)

ISO 27001 document that lists every Annex A control, states whether it applies to the ISMS, gives the justification for including or excluding it, and records its implementation status.

Annex A Controls

ISO/IEC 27001 set of reference controls (93 controls in four themes, organizational, people, physical, and technological, in the 2022 edition) selected through risk assessment to treat information security risks within an ISMS.

SOC 2

Trust Services Criteria (TSC)

SOC 2 criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy) used to evaluate controls; Security (the common criteria) is required in every SOC 2 report, while the other four categories are included only when in scope.

Operations

Change Management

Process to request, approve, implement, and document changes to systems and code, often linked to tickets and PRs.

Security

Vulnerability Management

Scanning, triage, remediation, and verification of vulnerabilities across applications and infrastructure.

Penetration Test (Pen Test)

Independent assessment simulating attacks to evaluate the effectiveness of security controls and identify weaknesses.

Privacy

Subprocessors

Third‑party service providers that process customer data on behalf of a vendor; typically listed in a trust center.

Data Subject Request (DSR)

Request submitted under privacy laws (e.g., GDPR) for access, correction, or deletion of personal data.

Ready to Get Compliant?

Achieve SOC 2, ISO 27001 & GDPR Compliance in Days, Not Months

Join hundreds of companies who've achieved compliance faster with ComplyOps. Our AI-powered platform automates 90% of compliance work, so you can focus on building your business.