Glossary

Compensating Control

A compensating control is a backup security measure - when you cannot use a lock, you might use a guard instead.

What is Compensating Control?

An alternative security measure implemented when the standard control cannot be applied, providing equivalent protection.

Why Should You Care?

Compensating controls enable compliance when standard controls are not feasible. They must be documented and approved.

Is your business exposed?

Real-World Example

A system cannot implement encryption at rest, so compensating controls include network segmentation and enhanced monitoring.

How to Protect Against Compensating Control

  1. 1.

    Document compensating controls with justification

  2. 2.

    Review compensating control effectiveness regularly

Related Terms

Exception Management, Risk Treatment, Compliance

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices