Compliance glossary

Plain-English definitions of the compliance, audit and information-security terms behind ISO 27001, SOC 2, HIPAA, GDPR, NIST CSF and AI governance — written so you (and your auditor) know exactly what each one means.

Looking for a framework overview instead? See our framework guides.

Core concepts

Security operations

Audit & certification

ISO 27001 & 42001

SOC 2

HIPAA

AI governance & NIST CSF

Professional editable templates — general information only, not legal, audit, tax, or certification advice, and no professional or advisory relationship is created. No purchase makes an organization compliant or certified. Review each document with qualified counsel, your compliance professional, or your auditor before relying on it. ISO, IEC, SOC 2, AICPA, HIPAA, NIST, GDPR, the EU AI Act, IRS and FTC are referenced descriptively only; ComplianceDocs (ExpertEngine LLC) is independent and is not affiliated with, endorsed by, or certified by any standards body, regulator, or audit firm.