Security & Compliance Glossary
Clear definitions and practical guides for the concepts that matter.

Risk Management Frameworks: Complete Guide for 2026
A practical guide to risk management frameworks — what they are, the most widely used frameworks (ISO 31000, NIST RMF, COSO ERM, ISO 27005), how to choose one, and how they connect to compliance requirements like NIS2, DORA, and ISO 27001.
2026-03-07 · By Orbiq Team

Compliance Automation: How to Automate Security Compliance in 2026
A practical guide to compliance automation — what it is, what it automates, how it differs from GRC tools, which frameworks it supports (ISO 27001, SOC 2, NIS2, DORA), and how to evaluate compliance automation platforms.
2026-03-07 · By Orbiq Team

Third-Party Risk Management (TPRM): The Complete Guide for 2026
A practical guide to third-party risk management — what it is, why it matters, how to build a TPRM programme, key frameworks and regulations (NIS2, DORA, ISO 27001), and how to move from manual vendor assessments to scalable trust operations.
2026-03-07 · By Orbiq Team

Information Security Policy: What It Is, What to Include, and How to Write One
A practical guide to information security policies — what they are, why they matter, what to include, how to write one that meets ISO 27001, NIS2, and SOC 2 requirements, and how to keep it effective beyond the initial certification.
2026-03-07 · By Orbiq Team

Vendor Risk Assessment: How to Evaluate Third-Party Security in 2026
A practical guide to vendor risk assessments — what they are, when to conduct them, what to evaluate, how to score vendor risk, and how to meet ISO 27001, NIS2, and DORA third-party requirements.
2026-03-07 · By Orbiq Team

ISMS: What Is an Information Security Management System?
A practical guide to Information Security Management Systems (ISMS) — what they are, how they work, what ISO 27001 requires, how to implement one, and how an ISMS relates to NIS2, DORA, and SOC 2 compliance.
2026-03-07 · By Orbiq Team

SOC 2 Compliance: What It Is, Who Needs It, and How to Get Certified
A practical guide to SOC 2 compliance — what it is (an auditor's attestation report against the AICPA Trust Services Criteria, not a certification in the ISO 27001 sense), how it differs from ISO 27001, what the Trust Services Criteria require, how the audit process works, and what European companies need to know about SOC 2 in a NIS2 and DORA world.
2026-03-07 · By Orbiq Team

ISO 27001 Certification: What It Is, What It Requires, and How to Get Certified
A practical guide to ISO 27001 certification — what it covers, how the audit works, what Annex A controls require, how it relates to NIS2 and DORA, and what European companies need to know about achieving and maintaining certification.
2026-03-07 · By Orbiq Team

Security Questionnaires: What They Are, How to Handle Them, and How to Automate Responses
A practical guide to security questionnaires — what they are, why buyers send them, what they typically ask, how to respond efficiently, and how automation and Trust Centers are replacing the manual questionnaire process.
2026-03-07 · By Orbiq Team

Trust Center: What It Is, Why You Need One, and How to Build It
A practical guide to Trust Centers — what they are, how they differ from GRC tools, what to publish, how they accelerate B2B sales, and why European companies need one for NIS2, DORA, and enterprise buyer requirements.
2026-03-07 · By Orbiq Team

Data Sovereignty: What It Means, Why It Matters, and How European Companies Achieve It
A practical guide to data sovereignty — what it is, how it differs from data residency and data localisation, why EU regulations demand it, and how European companies ensure sovereign control over their data.
2026-03-07 · By Orbiq Team

Penetration Testing: What It Is, How It Works, and Why B2B Companies Need It
A practical guide to penetration testing — what it is, the different types, how the process works, how often to test, what to do with results, and how pen testing fits into compliance frameworks like ISO 27001, SOC 2, NIS2, and DORA.
2026-03-07 · By Orbiq Team

GDPR Compliance: What It Requires, How to Achieve It, and What B2B Companies Must Know
A practical guide to GDPR compliance — what the regulation requires, how it applies to B2B SaaS companies, key obligations around data processing, data subject rights, international transfers, and how to demonstrate compliance to enterprise buyers.
2026-03-07 · By Orbiq Team

Incident Response: What It Is, How to Build a Plan, and What B2B Companies Must Know
A practical guide to incident response — what it involves, how to build an incident response plan, the phases of handling security incidents, regulatory requirements under NIS2, DORA, and ISO 27001, and how to communicate incidents to customers and regulators.
2026-03-07 · By Orbiq Team

NIS2 Compliance: What It Requires, Who It Affects, and How B2B Companies Can Prepare
A practical guide to NIS2 compliance — what the directive requires, which organisations are affected, key obligations around risk management, incident reporting, supply chain security, and how to demonstrate compliance to regulators and buyers.
2026-03-07 · By Orbiq Team

DORA Compliance: What the Regulation Requires, Who It Affects, and How to Prepare
A practical guide to DORA compliance — what the Digital Operational Resilience Act requires, which financial entities and ICT providers are affected, key obligations around ICT risk management, incident reporting, resilience testing, and third-party risk management.
2026-03-07 · By Orbiq Team

Cyber Resilience Act (CRA): What It Requires, Who It Affects, and How to Prepare
A practical guide to the EU Cyber Resilience Act — what the CRA requires for products with digital elements, who is affected, essential security requirements, conformity assessment procedures, and how software vendors can prepare.
2026-03-07 · By Orbiq Team

Zero Trust Architecture: What It Is, Core Principles, and How to Implement It
A practical guide to Zero Trust architecture — what it is, how it differs from perimeter-based security, core principles like least privilege and micro-segmentation, implementation frameworks, and how B2B companies can adopt Zero Trust to meet compliance requirements.
2026-03-07 · By Orbiq Team

Cloud Security Posture Management (CSPM): What It Is, Why It Matters, and How to Implement It
A practical guide to Cloud Security Posture Management — what CSPM is, how it detects misconfigurations, core capabilities, how it fits into cloud security architecture, and how B2B SaaS companies can use CSPM to meet compliance requirements.
2026-03-07 · By Orbiq Team

Supply Chain Security: What It Is, Why It Matters, and How to Manage Supply Chain Risk
A practical guide to supply chain security — what it is, why supply chain attacks are increasing, key risk categories, how to assess and manage third-party risk, regulatory requirements under NIS2 and DORA, and how B2B companies can build resilient supply chains.
2026-03-07 · By Orbiq Team

Business Continuity Planning (BCP): What It Is, Why It Matters, and How to Build a BCP
A practical guide to Business Continuity Planning — what BCP is, how it differs from disaster recovery, key components of a business continuity plan, how BCP maps to ISO 27001, NIS2, and DORA requirements, and how B2B companies can build resilience against disruptions.
2026-03-07 · By Orbiq Team

Security Audit: What It Is, Types, Process, and How to Prepare
A practical guide to security audits — what they are, types of security audits (internal, external, compliance), the audit process, how to prepare for ISO 27001, SOC 2, and NIS2 audits, and how B2B companies can use audit readiness as a competitive advantage.
2026-03-07 · By Orbiq Team

Access Control: What It Is, Models, Best Practices, and Compliance Requirements
A practical guide to access control — what it is, access control models (RBAC, ABAC, MAC, DAC), the principle of least privilege, how access control maps to ISO 27001, SOC 2, NIS2, and DORA requirements, and how B2B companies can implement effective access management.
2026-03-07 · By Orbiq Team

Security Awareness Training: What It Is, Why It Matters, and How to Build an Effective Programme
A practical guide to security awareness training — what it is, why it matters for compliance and risk reduction, key topics to cover, how to measure effectiveness, compliance requirements under ISO 27001, SOC 2, NIS2, and DORA, and how B2B companies can build a security-conscious culture.
2026-03-07 · By Orbiq Team

Data Classification: What It Is, Levels, Frameworks, and How to Implement It
A practical guide to data classification — what it is, classification levels, how to build a data classification scheme, regulatory requirements under ISO 27001, SOC 2, NIS2, GDPR, and DORA, and how B2B companies can use data classification to improve security and demonstrate compliance.
2026-03-07 · By Orbiq Team