Your glossary for risk and compliance
Helpful definitions of all of the terms you need to know to better manage risk and compliance.
TermsAFSL Authorised Representative AICPA Annex A Controls ASIC Attestation of Compliance (AOC) Business Continuity Management Compliance Automation Software Compliance Risk Management Cybersecurity Maturity Model Certification (CMMC) FedRAMP Governance Risk & Compliance (GRC) GPDR HIPAA HITRUST Incident Management Information Security Management System (ISMS) ISMS Governing Body ISO 27001 Notifiable Data Breach OAIC Policy Management SOC 1 SOC 2 SOC 3 SOC Reports SOC Trust Services Criteria (TSC) SSAE 16 SSAE 18 Third Party Risk Management Vendor Assessment Vendor Management Policy Vendor Review Vulnerability Vulnerability Management
What is the AICPA?
AICPA is the acronym for the American Institute of Certified Public Accountants. The AICPA is the originator of the SOC (System and Organization Controls) audit and reporting standards.
Through the SOC 2 standard, the AICPA sets guidelines for the evaluation of an organization’s data Security, Availability, Confidentiality, Privacy, and Processing Integrity — a set of criteria known as the Trust Services Criteria.
Learn more about the AICPA and its SOC reporting standards with this guide to the SOC 2.