Term · 4. Roles, Policies & Access Rights
Compliance
Definition
Adherence to applicable laws, regulations, standards, and internal policies governing identity and access management. Common identity-related frameworks: SOX (financial reporting controls), HIPAA (healthcare), PCI DSS (payment cards), GDPR (privacy), NIS2/DORA (EU cybersecurity), SOC 2 (service org controls).
- Application
  - MidPoint: Fulfillment of a requirement, or a system of requirements.
Related terms
- Audit: Independent examination of identity controls, processes, and records to verify compliance with policy and regulatory req …
- Audit Trail: Chronological record of identity events — authentication, authorization decisions, provisioning actions, configuration c …
- Access Certification (AC): Periodic review process where designated reviewers (managers, role owners, application owners) attest that users still n …
- HITRUST CSF (Common Security Framework) (HITRUST): Healthcare-focused certifiable framework consolidating HIPAA, HITECH, NIST, ISO 27001, PCI DSS, GDPR, and 40+ other auth …
- HR Policy: Policies governing identity lifecycle based on HR data — what triggers provisioning, what role mapping applies, what app …
- Identity Governance (IG): Discipline of policies, processes, and oversight ensuring identities have appropriate access — no more, no less — throug …