Access review
A periodic check confirming that users and administrators still have appropriate access based on their current responsibilities.
Glossary
Use these definitions to understand common requirements, safeguards, evidence practices, and operating responsibilities.
A periodic check confirming that users and administrators still have appropriate access based on their current responsibilities.
The plans and capabilities used to keep essential operations functioning during disruption.
A safeguard or process designed to reduce risk or satisfy a security requirement.
The person accountable for ensuring a control is designed, implemented, reviewed, and maintained.
Insurance coverage addressing specified cyber-related losses, subject to policy terms, exclusions, and representations.
Policies and technology used to detect or restrict inappropriate handling and sharing of sensitive information.
Endpoint detection and response technology used to monitor devices, detect suspicious activity, and support investigation and containment.
A method of transforming information so it cannot be read without the appropriate cryptographic key.
A record showing that a control, review, decision, or activity occurred, including source, date, context, and approval where needed.
Federal requirements for administrative, physical, and technical safeguards protecting electronic protected health information.
The organized process for identifying, containing, investigating, communicating, recovering from, and documenting a security event.
Providing only the access required to perform an authorized responsibility.
Managed detection and response, a service combining security monitoring, investigation, and response support.
Multifactor authentication, which requires more than one type of verification before access is granted.
The target period for restoring a system or business function after disruption.
The risk remaining after safeguards and other treatments have been applied.
A structured process for identifying threats, vulnerabilities, impact, likelihood, existing safeguards, and treatment priorities.
A set of questions used by customers, partners, insurers, or other parties to evaluate security practices and supporting evidence.
An independent CPA examination and report concerning controls relevant to selected Trust Services Criteria.
Security, privacy, operational, and compliance risk introduced by service providers and other external dependencies.
A written information security plan describing how an organization protects covered information and maintains its security program.
A security approach that continuously verifies identity, device, context, and authorization rather than relying on network location alone.
Discuss the customer request, framework, insurer question, or security concern creating uncertainty.
Book a Compliance Clarity Call