GRC terms explained

GRC stands for governance, risk, and compliance. Learn how GRC programs help organizations manage risk, meet regulatory requirements, and align security with business goals.

HIPAA is the US federal law protecting health information. Learn about the Privacy Rule, Security Rule, BAAs, PHI safeguards, and penalties for non-compliance.

ISO 27001 is the international standard for information security management systems (ISMS). Learn about certification requirements, Annex A controls, and how to prepare.

PCI DSS is the security standard for organizations that handle credit card data. Learn about compliance levels, requirements, and what changed in PCI DSS 4.0.

SOC 2 is an auditing framework for service organizations based on five Trust Services Criteria. Learn about SOC 2 Type I vs Type II, audit timelines, and what it takes to get compliant.

An ISMS is a systematic framework for managing information security risks. Learn how an ISMS works, its components, and how it relates to ISO 27001 certification.