Welcome to the Comensure
    GRC Glossary.

    Welcome to the Comensure GRC Glossary. Here, we’ve created a dictionary of industry terms designed to help professionals recognize some of the most common acronyms used within the industry to further their knowledge and avoid confusion.

    Sarbanes-Oxley (SOX) compliance instructs publicly-traded companies and financial services firms to establish internal controls and processes. It requires companies to ensure financial data is accurate and certify that security procedures are properly in place to increase transparency in financial reporting.  Read more

    The Health Insurance Portability and Accountability Act (HIPAA) ensures the protection of sensitive patient data. Companies that work with protected health information (PHI) must follow specific security measures to remain in compliance with HIPAA.  Read more

    The Committee of Sponsoring Organizations of the Treadway Commission (COSO) provides fraud prevention and enterprise risk management guides as well as internal control frameworks to financial and accounting organizations. Read more

    The Department of Labor (DOL) fiduciary rule redefines brokerage business processes and elevates investment advice standards for retirement accounts. Read more

    COBIT 5
    The Control Objectives for Information and Related Technology (COBIT) 5 framework provides organizations guidance and tools to support their enterprise IT governance and management. Read more

    The Government Accountability Office (GAO) ensures taxpayer money is used properly by the federal government and supports Congress in its constitutional obligations. Read more

    SOC 1
    SOC 1, or SSAE 16, compliance concerns a business’s financial reporting controls. It is a regulation produced by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). SOC 1 is the internal reporting standard for all services auditors.

    SOC 2
    SOC 2 focuses on standardized benchmarks for controls related to the security and confidentiality of the business’s data center and information. It primarily assesses the aspects of data center testing and operational effectiveness.

    SOC 3
    Like SOC 2, SOC 3 reports focus on predefined standards for controls associated with the privacy of a data center. However, SOC 3 is publicly available and offers data centers the highest level of accreditation of operational quality possible.

    ISO 9001
    ISO 9001 is the most widely used international industry standard for Quality Management Systems (QMS). Businesses across industries can benefit from implementing ISO 9001 because its requirements are supported by universal management principles.

    302 Certification
    The Sarbanes-Oxley (SOX) 302 Certification declares the CEO and CFO responsible for the accuracy and establishment of financial reports and internal controls.

    SEC compliance adheres to the rules and regulations set forth by the Securities and Exchange Commission to inform policy initiatives and monitor risk. SEC was created to protect investors from fraud and ensure securities markets remain efficient and fair.

    Internal Controls Over Financial Reporting (ICFR) defines the requirements for public companies to maintain and assess the effectiveness of their financial reporting and the preparation of financial statements by reducing the risk of material errors or misstatements.

    Under the Department of Labor (DOL), the Employee Retirement Income Security Act of 1974 (ERISA) is a federal law that applies to most private employers. It establishes minimum standards and protections for employee retirement, health and other benefit plans such as life insurance and disability insurance.

    The Federal Regulatory Commission (FERC) is a U.S. federal agency that regulates and monitors gas, oil and electric utilities. Its top priorities include: ensuring reliable and sustainable energy for consumers, promoting reasonable rates and conditions, requiring safe and efficient infrastructure and enforcing compliance by deterring market manipulation.

    Comensure offers the most common compliance frameworks as well as a customizable infrastructure to adapt to any organization in any industry with specific compliance needs. Through Comensure GRC, business processes, risks and controls are housed in one application, which enables multiple compliance frameworks to be monitored and implemented simultaneously.

    Curious about the real-world cost of compliance failures? Contact us today!