Glossary
Audit, compliance, and AI terms worth knowing.
DPO (Data Protection Officer)
An organizational role responsible for overseeing data-protection strategy and ensuring compliance with privacy laws such as the PDPA and GDPR. Required when an organization processes sensitive personal data at scale or systematically monitors data subjects.
Gap analysis
A structured comparison between an organization's current state (policies, controls, evidence) and a target state defined by a standard or framework. Outputs a prioritized list of differences (gaps) and remediation actions.
GDPR
The General Data Protection Regulation (EU) 2016/679 — the European Union's comprehensive data-protection law. Applies extraterritorially to organizations outside the EU that offer goods/services to EU residents or monitor their behavior.
ISMS (Information Security Management System)
A systematic approach to managing sensitive company information so that it remains secure. Includes policies, processes, people, and technology. Required structure for ISO 27001 certification.
ISO 27001
International standard specifying the requirements for an Information Security Management System (ISMS). The current revision is ISO/IEC 27001:2022, whose Annex A defines 93 controls grouped into organizational, people, physical, and technological themes.
PDPA (Thailand)
The Personal Data Protection Act B.E. 2562 (2019) — Thailand's comprehensive data-protection law. Applies to any organization processing personal data of people in Thailand, regardless of company size or country of registration.
SOC 2
An AICPA attestation report that evaluates a service organization's controls against one or more of the five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. Comes in two forms: Type I (controls assessed at a point in time) and Type II (controls assessed over a review period).