Compliance Audit Glossary
Clear definitions for key compliance audit terms, from audit findings and remediation to SOC 2, HIPAA, PCI-DSS, and beyond.
A
Access Controls
Security mechanisms that regulate who can view, use, or modify resources within an information system, granting access only where a defined authorization policy permits it and denying it by default otherwise.
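The following is an added example, not code from the original glossary or any product it mentions. It shows a deny-by-default access control check of the kind the definition describes: roles map to the actions they may perform on each resource type, an explicit deny list overrides any allow, and anything not covered by the policy is refused. The policy, role names and resource types are constructed for illustration.

```python
"""Deny-by-default role-based access control check (added example).

The policy below is constructed for illustration; the role and resource
names are not taken from any framework or product.
"""
from typing import Dict, Iterable, Set, Tuple

# Constructed policy: role -> action -> set of resource types it may act on.
POLICY: Dict[str, Dict[str, Set[str]]] = {
    "auditor": {"read": {"finding", "evidence", "audit_trail"}},
    "analyst": {"read": {"finding", "evidence"}, "write": {"finding"}},
    "admin": {
        "read": {"finding", "evidence", "audit_trail"},
        "write": {"finding", "evidence"},
    },
}

# Explicit denies apply to every role and win over any allow. Here the
# audit trail is append-only: no role may rewrite or delete it.
DENY: Set[Tuple[str, str]] = {("write", "audit_trail"), ("delete", "audit_trail")}


def authorize(
    roles: Iterable[str],
    action: str,
    resource_type: str,
    policy: Dict[str, Dict[str, Set[str]]] = POLICY,
    deny: Set[Tuple[str, str]] = DENY,
) -> Tuple[bool, str]:
    """Return (allowed, reason). The reason is what an audit trail should record.

    Evaluation order: explicit deny, then any allowing role, then default deny.
    """
    if (action, resource_type) in deny:
        return False, f"explicit deny on {action}:{resource_type}"
    for role in roles:
        if resource_type in policy.get(role, {}).get(action, set()):
            return True, f"allowed by role {role}"
    # Default deny: unknown roles, unlisted actions and unlisted resources all end here.
    return False, f"no role grants {action}:{resource_type}"


def is_authorized(roles: Iterable[str], action: str, resource_type: str) -> bool:
    """Boolean convenience wrapper around authorize()."""
    return authorize(roles, action, resource_type)[0]


if __name__ == "__main__":
    for subject, act, res in [
        (["auditor"], "read", "finding"),
        (["auditor"], "write", "finding"),
        (["admin"], "write", "audit_trail"),
        (["intern"], "read", "finding"),
    ]:
        print(subject, act, res, "->", authorize(subject, act, res))
```

The decision and its reason are returned together so that the calling code can write both to the audit trail; an access control that cannot show why it allowed something is hard to evidence during an audit.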
Audit Finding
A documented result from an audit identifying a condition where requirements are not met or controls are not operating effectively.
Audit Observation
A noted condition during an audit that does not rise to the level of a finding but represents an area for improvement.
Audit Trail
A chronological record of system activities that provides documentary evidence of the sequence of activities affecting operations or data. To serve as evidence, entries must be time-stamped, attributable to an actor, and protected against alteration or deletion after the fact.
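The following is an added example and is not part of the original glossary. It shows one way to make an audit trail tamper-evident: each entry carries a SHA-256 hash computed over its own content and the previous entry's hash, so editing, deleting or reordering any earlier record breaks the chain when it is verified. The event fields and sample records are constructed; the helper names are this example's own.

```python
"""Hash-chained, append-only audit trail with verification (added example).

Every entry's hash covers the previous entry's hash, so a later change to
any record is detected by verify_trail(). The sample events are constructed.
"""
import hashlib
import json
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

GENESIS = "0" * 64  # previous-hash value for the first entry


def entry_hash(prev_hash: str, body: Dict) -> str:
    """Hash an entry body together with its predecessor's hash.

    Keys are sorted and separators fixed so the JSON encoding is canonical;
    otherwise the same record could hash differently between runs.
    """
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def append_event(
    trail: List[Dict],
    actor: str,
    action: str,
    resource: str,
    ts: Optional[str] = None,
) -> Dict:
    """Append one event to the trail and return the stored entry."""
    prev = trail[-1]["hash"] if trail else GENESIS
    body = {
        "seq": len(trail),
        "ts": ts or datetime.now(timezone.utc).isoformat(),
        "actor": actor,
        "action": action,
        "resource": resource,
        "prev_hash": prev,
    }
    entry = dict(body)
    entry["hash"] = entry_hash(prev, body)
    trail.append(entry)
    return entry


def verify_trail(trail: List[Dict]) -> Tuple[bool, int]:
    """Walk the chain from the start.

    Returns (True, length) if every entry is intact, or (False, index) for the
    first entry whose sequence number, predecessor link or hash does not check out.
    """
    prev = GENESIS
    for i, entry in enumerate(trail):
        if entry.get("seq") != i or entry.get("prev_hash") != prev:
            return False, i
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry_hash(prev, body) != entry.get("hash"):
            return False, i
        prev = entry["hash"]
    return True, len(trail)


def build_sample_trail() -> List[Dict]:
    """Constructed sample events with fixed timestamps so results are reproducible."""
    trail: List[Dict] = []
    append_event(trail, "alice", "read", "evidence/123", "2024-01-01T09:00:00+00:00")
    append_event(trail, "bob", "write", "finding/42", "2024-01-01T09:05:00+00:00")
    append_event(trail, "alice", "read", "finding/42", "2024-01-01T09:10:00+00:00")
    return trail


if __name__ == "__main__":
    trail = build_sample_trail()
    print("intact:", verify_trail(trail))
    trail[1]["actor"] = "mallory"  # simulate an after-the-fact edit
    print("after edit:", verify_trail(trail))
```

One caveat the chain alone does not cover: silently dropping the newest entries leaves a shorter but still valid chain. Detecting truncation requires anchoring the latest hash somewhere the log writer cannot change, such as a periodic record sent to a separate system or a signed checkpoint.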
C
CMMC
The Cybersecurity Maturity Model Certification, a U.S. Department of Defense program that requires defense contractors handling Controlled Unclassified Information (CUI) to have their cybersecurity practices assessed at the maturity level their contracts specify.
Compliance Audit
A systematic examination of an organization's adherence to regulatory requirements, industry standards, or internal policies.
Continuous Monitoring
The ongoing process of observing, assessing, and reporting on the effectiveness of security controls in real time or near-real time.
Control Deficiency
A weakness in the design or operation of a control that prevents it from achieving its intended objective.
Corrective Action Plan
A documented plan outlining the steps, responsibilities, and timelines for addressing audit findings or control deficiencies.
E
Encryption
The process of converting readable data (plaintext) into ciphertext using a cryptographic algorithm and key, so that the data cannot be read without the corresponding key; used to protect confidentiality of data at rest and in transit. Auditors typically expect evidence of the algorithm and key length in use and of how keys are generated, stored, and rotated.
Evidence Collection
The systematic process of gathering documentation, records, and artifacts that demonstrate control effectiveness during an audit.
External Audit
An independent assessment conducted by a third-party auditor or certification body to formally evaluate compliance.
I
Incident Response
A structured approach to detecting, containing, eradicating, and recovering from security incidents that threaten information assets.
Internal Audit
An assessment conducted by an organization's own audit function, independent of the teams that operate the controls, to evaluate compliance and control effectiveness before external review.
ISO 27001
The international standard (ISO/IEC 27001) for information security management systems, specifying requirements for establishing, implementing, maintaining, and continually improving an ISMS.
P
PCI-DSS
The Payment Card Industry Data Security Standard, establishing security requirements for organizations that store, process, or transmit payment card data.
Penetration Testing
An authorized simulated attack against systems or applications to identify security vulnerabilities before malicious actors can exploit them.
Policy Framework
A structured set of policies, standards, and procedures that establishes governance for an organization's security and compliance program.