Drata Security and Compliance Glossary

Helpful definitions for the terms you need to know before getting compliance audit-ready.

Procedure

A compliance procedure is a series of steps that must be taken to achieve a certain compliance objective.

ISO 27001:2022

ISO 27001:2022, published in September 2022, is an international standard that specifies requirements for an information security management system (ISMS).

ISO 27002:2022

ISO 27002:2022, published in September 2022, is an international standard that provides guidelines for information security management.

ISO 27003:2017

ISO/IEC 27003:2017 is an international standard that provides guidelines for information security management system (ISMS) implementation.

ISO 27004

ISO 27004 is an international standard that provides guidelines for measuring information security.

ISO 27005:2022

ISO 27005:2022, published in September 2022, is an international standard that provides information security risk management guidelines.

ISO 27006

ISO 27006 is an international standard that specifies requirements for the certification of information security management systems (ISMS).

ISO 27007

ISO 27007 is an international standard that provides guidelines for auditing information security management systems (ISMS).

Quantitative Risk Assessment

A quantitative risk assessment is a type of risk assessment that involves the use of mathematical and statistical methods to estimate the likelihood and impact of potential risks.

Qualitative Risk Assessment

A qualitative risk assessment is a type of risk assessment that involves the evaluation of potential risks based on subjective judgments and expert opinions.

Vendor Management Policy

A vendor management policy is an important component of an organization’s larger compliance risk management strategy.

Vendor Review

A vendor review is the process by which an organization assesses the potential risks of using a vendor’s product or service, together with the ongoing process of verifying that the vendor continues to maintain sound security practices.

Vulnerability Management

Vulnerability management is the process of identifying, evaluating, treating, and reporting on security vulnerabilities in systems and the software that runs on them.

IT Security Policy

An information technology (IT) security policy establishes rules and procedures for the individuals who interact with an organization’s IT assets and resources, in order to protect information.

Cybersecurity Asset Management

Cybersecurity asset management is the process of identifying, classifying, and managing the assets in an organization's information technology (IT) environment.
