Privacy & Compliance

IGA

A framework of policies, processes, and technologies that manage and govern digital identities and their access rights across an organization, including provisioning, certification, and compliance reporting.

CIAM

A specialized subset of IAM focused on managing and securing external customer identities, providing seamless registration, authentication, and profile management for consumer-facing applications.

A periodic assessment process where managers or application owners review and validate that users' current access rights are appropriate and aligned with their roles and responsibilities.

SoD

A security control principle that divides critical tasks among multiple people or roles to prevent any single individual from having enough access to commit fraud or cause significant harm undetected.

SSI

An identity model that gives individuals full ownership and control of their digital identities without relying on any centralized authority, using decentralized identifiers and verifiable credentials.

A compliance framework developed by the AICPA that defines criteria for managing customer data based on five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

An international standard for information security management systems (ISMS) that specifies requirements for establishing, implementing, maintaining, and continually improving an organization's information security posture.

The NIST Digital Identity Guidelines that provide technical requirements and recommendations for digital identity services, defining Identity Assurance Levels (IAL), Authenticator Assurance Levels (AAL), and Federation Assurance Levels (FAL).

GDPR

A comprehensive EU regulation on data protection and privacy that establishes rules for how organizations collect, process, store, and transfer personal data of EU residents, with significant penalties for non-compliance.