Compliance Glossary
Demystifying the technical jargon of SOC 2, ISO 27001, and information security compliance.
AICPA
The American Institute of Certified Public Accountants, the organization that developed and maintains the SOC 2 framework.
Bridge Letter
A document issued by a service organization that covers the gap between the end of the SOC 2 report period and the current date.
Common Criteria
The set of control requirements in SOC 2 that apply to all five Trust Service Criteria, covering security, availability, and more.
Gap Analysis
An assessment performed to identify the differences between a company's current security controls and the requirements of a compliance framework.
ISO 27001
An international standard for information security management systems (ISMS), often compared to SOC 2.
Least Privilege
The security principle that users should only have the minimum level of access necessary to perform their job functions.
Penetration Test
A simulated cyberattack against your computer system to check for exploitable vulnerabilities, often required for SOC 2 Type II.
SOC 2 Type I
A report on the description of a service organization's system and the suitability of the design of its controls as of a specific date.
SOC 2 Type II
A report that covers the design and operating effectiveness of controls over a period of time, usually 6 to 12 months.
Trust Service Criteria (TSC)
The five categories of controls used in SOC 2: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
Kevin A
Principal Security & GRC Engineer
Kevin is a security engineer turned GRC specialist. He focuses on mapping cloud-native infrastructure (AWS/Azure/GCP) to modern compliance frameworks, ensuring that security controls are both robust and auditor-ready without slowing down development cycles.
Assess Your Readiness
Our free assessment tool uses these terms in action to give you a deterministic readiness score.
Ready to hire? Generate a standardized RFP and get competitive quotes from vetted auditors.
Glossary FAQs
What are compliance and security terms?
Compliance and security terms help organizations understand and demonstrate their security and compliance posture. RiscLens provides data-driven insights, benchmarks, and guidance so you can plan audits and vendor due diligence with confidence.
How does RiscLens use data for SOC 2 & Cybersecurity Glossary?
We analyze public security signals, trust centers, and disclosed certifications to give you an objective view. Our methodology is transparent and deterministic—scores and recommendations are based on explicit criteria, not black-box algorithms.
Is the information on this page updated?
We refresh our data regularly and surface "Updated" or "Last verified" where relevant. For the most current compliance status of a specific vendor, always confirm with their trust center or security team.
Who is SOC 2 & Cybersecurity Glossary for?
This resource is for founders, security leads, and procurement teams who need to benchmark compliance, compare options, or conduct vendor due diligence. We focus on practical, actionable guidance without sales pressure.
