Glossary Overview

All the terms you need to know when you’re trying to get compliance audit ready, fast.



SOC 2 is the most sought-after security framework for scaling SaaS companies. Keep up to date with the latest SOC 2 terms.

ISO 27001

ISO 27001 is considered the international gold standard for information security management. Want to learn more? Get familiar with ISO 27001 terms.


HIPAA compliance keeps companies that access, process, or store protected health information in check. Find out commonly used HIPAA terminology.


PCI DSS applies to businesses that accept, process, store, transmit, or impact the security of cardholder data. Keep updated on PCI DSS terms.



NIST CSF is a cybersecurity framework designed by the US-based National Institute of Standards and Technology.


The California Consumer Privacy Act is a state statute passed in 2018 that gives California residents new data privacy rights and requires compliance from for-profit business entities.


The GDPR governs the collection, processing, consent, and distribution of personal information to ensure that EU citizens have more control of personal data.

Service Provider

A service provider is involved in the processing, storage, and transmission of a credit card holder's data.

Cardholder Data (CHD)

Cardholder data is any information on a customer's payment card.

Qualified Security Assessor (QSA)

A Qualified Security Assessor is an organization or individual that performs compliance auditing.

Cardholder Data Environment (CDE)

Cardholder Data Environment (CDE) includes all the people and technologies that can impact the security of cardholder data.

Attestation of Compliance (AOC)

Attestation of Compliance (AOC) is the documentation that validates the compliance status of an organization.

Report on Compliance (ROC)

Learn about a Report on Compliance (ROC) and how it is obtained.

Self-Assessment Questionnaire (SAQ)

A Self-Assessment Questionnaire is a way for merchants and service providers to validate PCI compliance.

