Aadit Technologies

Security & Compliance Glossary

Clear, jargon-free definitions of the cybersecurity and compliance terms you'll encounter when securing and certifying your organisation.

GDPR

Compliance

General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a European Union law governing how organisations collect, process, and store the personal data of individuals in the EU and EEA. It grants people rights over their data and requires businesses to obtain a lawful basis, protect data, and report breaches — with heavy penalties for non-compliance.

HIPAA

Compliance

Health Insurance Portability and Accountability Act

HIPAA (the Health Insurance Portability and Accountability Act) is a United States law that sets national standards for protecting sensitive patient health information. It requires healthcare providers, insurers, and their business associates to safeguard protected health information (PHI) through administrative, physical, and technical controls, and to notify affected individuals when a data breach occurs.

ISO 27001

Compliance

ISO/IEC 27001 Information Security Management

ISO/IEC 27001 is the leading international standard for information security management systems (ISMS). It provides a risk-based framework of policies, procedures, and controls that organisations use to protect the confidentiality, integrity, and availability of information. Certification, issued after an independent audit, shows customers and regulators that security is managed systematically.

PCI DSS

Compliance

Payment Card Industry Data Security Standard

PCI DSS (Payment Card Industry Data Security Standard) is a global security standard that any organisation storing, processing, or transmitting payment card data must follow. Created by the major card brands, it defines technical and operational requirements — such as encryption, access control, and monitoring — to protect cardholder data and reduce payment fraud.

SIEM

Cybersecurity

Security Information and Event Management

SIEM (Security Information and Event Management) is a technology that collects, aggregates, and correlates log and event data from across an organisation's systems in real time. By analysing this data against known threat patterns, SIEM helps security teams detect suspicious activity, investigate incidents, and meet compliance requirements through centralised monitoring and reporting.

SOC

Cybersecurity

Security Operations Center

A Security Operations Center (SOC) is a centralised team and facility that continuously monitors, detects, analyses, and responds to cybersecurity threats across an organisation's IT environment. Operating around the clock, a SOC combines skilled analysts, defined processes, and technologies such as SIEM to reduce the time it takes to identify and contain security incidents.

SOC 2

Compliance

System and Organization Controls 2

SOC 2 (System and Organization Controls 2) is a compliance framework and audit report developed by the AICPA that evaluates how well a service organisation protects customer data. Assessments are based on five Trust Services Criteria — security, availability, processing integrity, confidentiality, and privacy — and are especially important for SaaS and cloud providers.

VAPT

Cybersecurity

Vulnerability Assessment and Penetration Testing

VAPT (Vulnerability Assessment and Penetration Testing) is a combined security testing approach that first scans systems, networks, and applications to identify known vulnerabilities, then simulates real-world attacks to exploit them. The assessment finds security gaps while the penetration test proves their real business impact, helping organisations prioritise and fix critical risks.