Whether you are evaluating managed IT, preparing for compliance, or navigating security and cloud decisions, understanding the terminology helps. This glossary covers managed IT (MSP, SLA, RMM), security (SOC, SIEM, EDR, MFA, WAF, DLP), cloud (SaaS, IaaS, Kubernetes, FinOps), and compliance (POPIA, ISO 27001, King IV, PCI DSS). Where applicable, we link to official sources such as the Information Regulator and ISO so you can validate definitions and go deeper.

Managed IT

MSP
Managed Service Provider. A company that delivers ongoing IT management and support – monitoring, helpdesk, security, backup – typically on a per-user monthly fee. MSPs act as an outsourced IT department.
SLA
Service Level Agreement. A contract that defines expected performance, such as uptime percentage (e.g. 99.9%) and response times for support tickets. SLAs set clear expectations and often include remediation if targets are missed.
RMM
Remote Monitoring and Management. Software that MSPs use to monitor client systems, deploy patches, and manage endpoints remotely. Core tool for managed IT delivery.
PSA
Professional Services Automation. Software for MSPs to manage ticketing, billing, projects, and client documentation. Often paired with RMM for full MSP operations.
vCIO
Virtual Chief Information Officer. An outsourced or advisory role that provides strategic IT planning, budgeting, and technology roadmap guidance without a full-time executive hire.
Patch management
The process of deploying software updates and security patches to systems. Critical for closing vulnerabilities; often automated by MSPs.
Uptime
The percentage of time a system or service is available. SLA uptime (e.g. 99.9%) defines allowed downtime. An uptime of 99.9% allows roughly 8.76 hours of downtime per year.
MTTR
Mean Time to Repair. Average time to restore a failed system or service. Used in SLAs and incident management metrics.
Co-managed IT
Hybrid model where an internal IT team works alongside an MSP. The internal team handles day-to-day work; the MSP provides monitoring, security, backup, or overflow support.
Break-fix
Reactive IT support model: pay per incident when something breaks. No proactive monitoring. Contrast with managed IT (MSP).
Helpdesk
Central support team or system that handles user requests, incidents, and service tickets. MSPs typically provide helpdesk as part of managed IT services.
NOC
Network Operations Center. A team or facility that monitors IT infrastructure 24/7, handles alerts, and coordinates incident response. Often paired with SOC for full coverage.
Ticketing
System for logging, tracking, and resolving support requests. Tickets ensure nothing falls through the cracks and provide an audit trail for SLA compliance.
Asset management
Tracking and managing IT assets (hardware, software, licenses) across their lifecycle. Helps with budgeting, compliance, and security visibility.
MDM
Mobile Device Management. Software that manages, secures, and monitors smartphones and tablets. Enforces policies and supports remote wipe and app deployment. Part of UEM.
UEM
Unified Endpoint Management. Single platform to manage desktops, laptops, mobile devices, and IoT. Extends MDM to all endpoints for consistent policy and visibility.
Incident response
The process of identifying, containing, and recovering from security or operational incidents. MSPs and SOCs follow defined playbooks for consistent response.
Proactive monitoring
Continuously watching systems for issues before users notice. Contrast with break-fix; enables faster resolution and prevents outages.

Security

SOC
Security Operations Center. A team or facility that monitors, detects, and responds to security threats 24/7. SOC-as-a-Service is an outsourced model where a provider delivers this capability without you building an in-house team.
SIEM
Security Information and Event Management. A platform that collects and analyses security logs from across your environment to detect threats and anomalies. SIEM is a core component of a SOC.
EDR
Endpoint Detection and Response. Software that monitors endpoints (laptops, servers) for suspicious activity, records behaviour, and enables rapid investigation and response to threats.
Penetration testing
Authorised simulated hacking to find security vulnerabilities before attackers do. Pen tests can cover external, internal, web applications, and network infrastructure.
IAM
Identity and Access Management. The practices and systems that control who can access what. Includes user provisioning, single sign-on (SSO), multi-factor authentication (MFA), and role-based access control.
MFA
Multi-Factor Authentication. Security that requires two or more factors to log in (e.g. password + SMS or token). MFA significantly reduces the risk of account compromise.
Zero Trust
A security model that assumes no trust by default. Every access request is verified regardless of where it comes from. "Never trust, always verify."
XDR
Extended Detection and Response. A unified security platform that correlates data from endpoints, email, cloud, and networks to detect and respond to threats across the entire environment.
SSO
Single Sign-On. Authentication that lets users log in once to access multiple applications. Reduces password fatigue and improves security when combined with MFA.
VPN
Virtual Private Network. Encrypted tunnel for remote access to corporate networks or to secure internet traffic. Essential for remote work and public Wi‑Fi security.
Phishing
Social engineering attack that uses emails or messages to trick users into revealing credentials or clicking malicious links. Often the first step in cyber attacks.
Ransomware
Malware that encrypts files and demands payment to restore access. Can cripple operations. Prevention requires backups, patching, and user awareness.
OWASP
Open Web Application Security Project. Non-profit that publishes the OWASP Top 10 (critical web vulnerabilities) and security guidance. Widely used for application security. Source: OWASP
NIST
National Institute of Standards and Technology. US agency that publishes the Cybersecurity Framework and other security standards. Widely adopted by organisations globally. Source: NIST
Vulnerability
A weakness in software or hardware that can be exploited by attackers. Patch management and vulnerability scanning help identify and fix them.
Encryption
Converting data into a format that only authorised parties can read. Protects data at rest (storage) and in transit (network). Essential for POPIA and security.
Two-factor authentication
Same as MFA. Requires two or more authentication factors (e.g. password + SMS or authenticator app) to reduce account compromise risk.
Firewall
Network security device that filters traffic based on rules. Blocks unauthorised access while allowing legitimate traffic. Can be hardware, software, or cloud-based.
Malware
Malicious software including viruses, trojans, spyware, and ransomware. Designed to damage, disrupt, or gain unauthorised access to systems.
DDoS
Distributed Denial of Service. Attack that floods a target with traffic from many sources to overwhelm and take it offline. Requires mitigation services to defend.
Social engineering
Manipulating people into divulging credentials or performing actions that compromise security. Phishing, pretexting, and baiting are common techniques.
CVE
Common Vulnerabilities and Exposures. A catalogue of known security vulnerabilities with unique identifiers. Used to track and prioritise patching. Source: CVE.org
Zero-day
A vulnerability unknown to the vendor, with no patch available. Exploited before a fix exists. Zero-day attacks are among the most dangerous threats.
DLP
Data Loss Prevention. Tools and policies that prevent sensitive data from leaving the organisation. Monitors email, USB, cloud uploads, and network traffic.
IDS
Intrusion Detection System. Monitors network or host activity for malicious behaviour. Alerts on suspicious patterns; may work alongside IPS for automated blocking.
IPS
Intrusion Prevention System. Like IDS but can automatically block or mitigate threats. Sits inline in the network to stop attacks in real time.
WAF
Web Application Firewall. Protects web apps from attacks such as SQL injection, XSS, and other OWASP Top 10 risks. Filters HTTP traffic before it reaches the application.
RBAC
Role-Based Access Control. Access permissions assigned by role (e.g. Admin, User, Viewer) rather than per user. Simplifies management and enforces least privilege.
Least privilege
Security principle: users and systems get only the minimum access needed. Reduces blast radius of compromise and limits accidental damage.
Threat intelligence
Information about current and emerging threats used to improve defences. Includes indicators of compromise (IOCs), attacker tactics, and vulnerability trends.
APT
Advanced Persistent Threat. Sophisticated, long-running attack by skilled adversaries (often nation-state or organised crime). Requires dedicated detection and response.
PKI
Public Key Infrastructure. Framework for managing digital certificates and public-key encryption. Used for SSL/TLS, code signing, and secure email.
SQL injection
Attack that injects malicious SQL into input fields to manipulate databases. In OWASP Top 10. Prevented by parameterised queries and input validation.
XSS
Cross-Site Scripting. Attack that injects malicious scripts into web pages viewed by others. In OWASP Top 10. Mitigated by output encoding and a Content Security Policy (CSP).
Business email compromise
Scam targeting employees who handle payments. Impersonates executives or vendors to trick victims into wiring money. Training and verification reduce risk.

Cloud

FinOps
Financial Operations for cloud. The discipline of managing and optimising cloud spend through governance, visibility, and cost-conscious architecture decisions.
SaaS
Software as a Service. Cloud-delivered applications (e.g. Microsoft 365, Salesforce) accessed via the internet. You pay per user or subscription; the provider manages infrastructure.
IaaS
Infrastructure as a Service. Cloud-provided compute, storage, and networking (e.g. AWS, Azure). You manage the OS and applications; the provider manages the hardware.
PaaS
Platform as a Service. Cloud-delivered platform for developing and running applications (e.g. Azure App Service). The provider manages runtime and infrastructure.
Hybrid cloud
Combination of on-premises infrastructure and public/private cloud. Enables workload portability and gradual migration while keeping sensitive data on-prem.
Multi-cloud
Using multiple cloud providers (e.g. AWS, Azure, GCP) for different workloads. Avoids vendor lock-in but increases complexity. Requires strong governance.
Cloud migration
Moving workloads from on-premises to cloud. Can be lift-and-shift (rehost), refactor, or rebuild. Requires planning for cost, security, and performance.
Lift and shift
Migrating applications to cloud with minimal changes. Fast but may not optimise cost or performance. Good first step; refine later.
Container
Lightweight, portable unit for running applications. Packages code and dependencies. Docker and Kubernetes are common container technologies.
Kubernetes
Open-source platform for orchestrating containers. Manages deployment, scaling, and operations. The de facto standard for container orchestration.
Serverless
Cloud model where you run code without managing servers. Pay per execution. Examples: AWS Lambda, Azure Functions. Good for event-driven workloads.
CDN
Content Delivery Network. Distributed servers that cache content close to users for faster delivery. Reduces latency and offloads origin servers.
Availability zone
Isolated data centre within a cloud region. Deploying across zones improves resilience. Part of high-availability and DR design.
Region
Geographic area where a cloud provider operates data centres. Choosing a region affects latency, data residency (POPIA), and cost.

Compliance

POPIA
Protection of Personal Information Act. South Africa's data protection law. POPIA regulates how organisations collect, store, process, and share personal information and requires safeguards for data security. Source: Information Regulator
ISO 27001
International standard for information security management systems (ISMS). Specifies requirements for establishing, implementing, and maintaining an ISMS. Widely used for certification. Source: ISO
GDPR
General Data Protection Regulation. EU data protection law. South African businesses processing EU residents' data may need to comply; overlaps with POPIA concepts. Source: GDPR.eu
King IV
South African corporate governance code. Covers IT governance, risk, and transparency. "Apply and explain" approach for listed companies and other organisations. Source: IoDSA
Cybercrimes Act
South African legislation (Act 19 of 2020) that criminalises cybercrime and requires reporting of certain offences. Complements POPIA for data-related crimes. Source: Gov.za
SOC 2
Service Organization Control 2. A framework for managing and reporting on security, availability, and confidentiality. Common for SaaS and cloud providers. Source: AICPA
PCI DSS
Payment Card Industry Data Security Standard. Requirements for organisations that handle cardholder data. Mandatory for merchants and payment processors. Source: PCI SSC
HIPAA
Health Insurance Portability and Accountability Act. US law governing protection of health information. Relevant for healthcare providers and their IT vendors.
Data retention
Policies defining how long data is kept before deletion or archival. Required for POPIA, GDPR, and industry regulations. Reduces risk and storage costs.
Audit trail
Log of who did what and when. Essential for compliance, forensics, and accountability. Systems should log access, changes, and security events.
Information Officer
Person responsible for POPIA compliance within an organisation. Must be registered with the Information Regulator. Ensures data protection practices. Source: Information Regulator
PAIA
Promotion of Access to Information Act. South African law giving the right to access information held by public and private bodies. Complements POPIA. Source: Information Regulator

General

RTO
Recovery Time Objective. The maximum acceptable time to restore a system or service after an outage. Used in business continuity and disaster recovery planning.
RPO
Recovery Point Objective. The maximum acceptable amount of data loss measured in time. For example, an RPO of 4 hours means you can tolerate losing up to 4 hours of data.
BCP
Business Continuity Planning. The process of preparing for and recovering from disruptions. BCP covers people, processes, and technology so critical operations can continue.
DR
Disaster Recovery. The technical side of recovering IT systems after a disaster. DR includes backup, replication, failover, and recovery procedures.
Backup
Copy of data stored separately for recovery. The 3-2-1 rule: 3 copies, 2 different media, 1 offsite. Essential for ransomware recovery and disaster recovery.
MTBF
Mean Time Between Failures. Average time between system failures. Used in reliability and availability planning.
API
Application Programming Interface. Allows applications to communicate. REST and GraphQL are common. Essential for integrations and modern architectures.
Endpoint
Device or node that connects to a network: laptops, desktops, servers, phones. Endpoint security (EDR, antivirus) protects these entry points.
Bandwidth
Maximum data transfer rate of a connection. Measured in Mbps or Gbps. Insufficient bandwidth causes slow applications and poor user experience.
Latency
Delay between request and response. Low latency is critical for real-time apps. Affected by distance, network quality, and server load.
Redundancy
Duplicate components (servers, links, power) so failure of one does not cause outage. N+1 or 2N are common redundancy designs.
Failover
Automatic switching to a backup system when the primary fails. Essential for high availability. Requires redundant systems and monitoring.
Load balancing
Distributing traffic across multiple servers to improve performance and availability. Hardware or software; often built into cloud services.
Virtualisation
Running multiple virtual machines (VMs) on one physical server. Improves utilisation, enables consolidation, and simplifies disaster recovery.
Hypervisor
Software that creates and runs VMs. Type 1 (bare metal) examples: VMware ESXi, Hyper-V. Type 2 runs on an OS: VirtualBox, VMware Workstation.
VM
Virtual Machine. Software emulation of a computer. Runs its own OS on shared hardware. Foundation of cloud IaaS and on-prem virtualisation.
ERP
Enterprise Resource Planning. Integrated software for finance, HR, supply chain, and operations. Examples: SAP, Microsoft Dynamics, Sage.
CRM
Customer Relationship Management. Software for managing sales, marketing, and customer service. Examples: Salesforce, HubSpot, Microsoft Dynamics 365.
Active Directory
Microsoft directory service for managing users, computers, and permissions. Central to Windows environments. Azure AD extends identity to the cloud.
DNS
Domain Name System. Translates domain names (e.g. example.com) to IP addresses. Critical internet infrastructure; DNS issues break connectivity.
DHCP
Dynamic Host Configuration Protocol. Automatically assigns IP addresses to devices on a network. Eliminates manual configuration and reduces errors.
SSD
Solid State Drive. Storage with no moving parts. Faster than HDDs for read/write. Standard for servers and high-performance workstations.
RAID
Redundant Array of Independent Disks. Combines disks for redundancy and/or performance. RAID 1 mirrors; RAID 5/6 provide parity. Protects against disk failure.

Official sources & frameworks

For authoritative definitions and guidance, refer to these regulators and standards bodies: