Practice regulatory compliance vocabulary: SOX controls, PCI-DSS cardholder data environment, HIPAA Protected Health Information, BAA, audit evidence, and compliance attestation.
1 / 5
In SOX compliance, what is a 'SOX control'?
SOX controls are documented safeguards — such as approval workflows, access restrictions, and reconciliation procedures — that ensure the accuracy and integrity of financial reporting. They are assessed annually by auditors.
2 / 5
What is the 'cardholder data environment (CDE)' under PCI-DSS?
The CDE is the defined scope of systems and network segments that interact with payment card data. Limiting the CDE's scope is a common strategy to reduce PCI-DSS compliance burden.
3 / 5
Under HIPAA, what is 'Protected Health Information (PHI)'?
PHI is individually identifiable health information in any form — electronic, paper, or oral. It includes diagnoses, treatment records, and any information that could link health data to a specific person.
4 / 5
What is a 'Business Associate Agreement (BAA)' in a HIPAA context?
A BAA is a HIPAA-required contract between a covered entity (like a hospital) and a business associate (like a cloud provider storing PHI). It establishes the associate's obligations to protect PHI.
5 / 5
What does 'compliance attestation' mean in regulatory contexts?
Compliance attestation is a formal statement confirming that an organization meets the requirements of a given standard or regulation. For example, a PCI-DSS Report on Compliance (ROC) is an attestation by a Qualified Security Assessor.