Stakflo

Product documentation

Glossary

Definitions for key Stakflo terms and concepts.

Control

A measurable activity or requirement that your organization uses to manage risk, enforce security, or satisfy compliance standards.

Evidence

Documents, attachments, assessments, or records that prove a control is implemented and operating as expected.

Trust center

A shared portal where your organization publishes verified security and compliance information to customers, partners, and auditors.

Vendor assessment

A process for collecting compliance and security responses, documents, and evidence from third-party providers.

Audit readiness

The state of being prepared for an audit by having controls mapped, evidence collected, and gaps identified before the review begins.

Compliance framework

A set of rules or standards, such as ISO 27001, SOC 2, HIPAA, or GDPR, that defines how your security and governance work should be structured.

Policy lifecycle

The process of creating, reviewing, approving, publishing, and maintaining governance policies.

Risk register

A central log of identified risks, their owners, their impact, and the actions being taken to manage them.

Certification mapping

The connection between controls, policies, and the requirements of a compliance framework or certification.

Continuous monitoring

Ongoing tracking of control status, evidence collection, and risk so the organization stays audit-ready over time.