Compliance, risk and governance

This glossary contains definitions related to compliance. Some definitions explain the meaning of words used in compliance regulations. Other definitions are related to the strategies that compliance officers use to mitigate risk and create a manageable compliance infrastructure.

ACC - DIG

  • access governance (AG) - Access governance (AG) is an aspect of information technology (IT) security management that seeks to reduce the risks associated with excessive access rights, inactive users and orphan accounts.
  • access recertification - Access recertification is an information technology (IT) control that involves auditing user access rights to determine if they are correct and adhere to the organization’s internal policies and compliance regulations.
  • Accessible Transportation Technologies Research Initiative (ATTRI) - The Accessible Transportation Technologies Research Initiative (ATTRI) is a five-year, multi-agency research and development (R&D) program aimed at helping injured veterans, older adults and others in the United States with visual, hearing, cognitive and mobility challenges to plan and execute their travel using technology.
  • accountability - Accountability means being held responsible or answerable for one's actions (or perhaps lack of action where one should have been taken).
  • accounting error - An accounting error is a non-fraudulent discrepancy in financial documentation.
  • agreed-upon procedures (AUP) - Agreed-upon procedures are the standards a company or client outlines when it hires an external party to perform an audit on specific tests or business process and then report on the results.
  • Allscripts - Allscripts is a vendor of electronic health record systems for physician practices, hospitals and healthcare systems.
  • alternative fuel vehicle (AFV) - An alternative fuel vehicle (AFV) is a vehicle that runs on substances other than the conventional petroleum gas and diesel.
  • Amazon S3 - Amazon Simple Storage Service (Amazon S3) is a scalable, high-speed, web-based cloud storage service designed for online backup and archiving of data and applications on Amazon Web Services.
  • Americans with Disabilities Act (ADA) compliance - Americans with Disabilities Act (ADA) compliance is the adherence to the standards put forth in the United States legislation.
  • anti-competitive practice - An anti-competitive practice is an action conducted by one or more businesses to make it difficult or impossible for other companies to enter or succeed in their market.
  • antitrust - Antitrust is a group of laws established to regulate business practices in order to ensure that fair competition occurs in an open-market economy for the benefit of consumers.
  • audit log (AL) - An audit log is a document that records an event in an information technology (IT) system.
  • audit program (audit plan) - An audit program, also called an audit plan, is an action plan that documents what procedures an auditor will follow to validate that an organization is in conformance with compliance regulations.
  • Bank Secrecy Act (BSA) - The Bank Secrecy Act (BSA), also known as the Currency and Foreign Transactions Reporting Act, is legislation passed by the United States Congress in 1970 that requires U.
  • Basel Committee on Banking Supervision (BCBS) - The Basel Committee on Banking Supervision (BCBS) is a group of international banking authorities who work to strengthen the regulation, supervision and practices of banks and improve financial stability worldwide.
  • Better Business Bureau (BBB) - The Better Business Bureau (BBB) is a non-profit accreditor of ethical businesses.
  • blackout period - A blackout period is a duration of time when access to something usually available is prohibited.
  • BREEAM (BRE Environmental Assessment Method) - BREEAM (BRE Environmental Assessment Method) is an environmental standard that rates the sustainability of buildings in the UK.
  • BS 10012:2009 (British Standard 10012:2009) - British Standard 10012:2009 (BS 10012:2009) is a standard enacted by the U.
  • business continuity and disaster recovery (BCDR) - Business continuity and disaster recovery (BCDR) are closely related practices that describe an organization's preparation for unforeseen risks to continued operations.
  • business continuity policy - Business continuity policy is the set of standards and guidelines an organization enforces to ensure resilience and proper risk management.
  • business sustainability - Business sustainability is the management and coordination of environmental, social and financial demands and concerns to ensure responsible, ethical and ongoing success.
  • California Security Breach Information Act (SB-1386) - In the United States, the California Security Breach Information Act (SB-1386) is a California state law requiring organizations that maintain personal information about individuals to inform those individuals if the security of their information is compromised.
  • Can Spam Act of 2003 - The Can Spam Act of 2003 is a commonly used name for the United States Federal law more formally known as S.
  • Canadian anti-spam legislation (CASL) - Canadian anti-spam legislation (CASL) is a set of enacted regulations that require marketers and fundraisers who communicate through email, text messages or social media to obtain permission from recipients in that country.
  • Capex (capital expenditure) - A capital expenditure (Capex) is money invested by a company to acquire or upgrade fixed, physical, non-consumable assets, such as buildings and equipment or a new business.
  • carbon tax - A carbon tax is a levy charged as a penalty for the emission of greenhouse gases, caused by burning hydrocarbons.
  • cartel - A cartel is a body of independent producers that work together to decide production levels and prices.
  • CCHIT (Certification Commission for Healthcare Information Technology) - The Certification Commission for Healthcare Information Technology (CCHIT) is an independent, not-for-profit group that certifies electronic health records (EHR) and networks for health information exchange (HIE) in the United States.
  • CCO (Corporate or Chief Compliance Officer) - A Chief Compliance Officer (CCO) is a corporate official in charge of overseeing and managing compliance issues within an organization, ensuring, for example, that a company is complying with regulatory requirements and that the company and its employees are complying with internal policies and procedures.
  • Center for Internet Security (CIS) - The Center for Internet Security (CIS) is a nonprofit organization focused on improving public- and private-sector cybersecurity readiness and response.
  • CERT-In (the Indian Computer Emergency Response Team) - CERT-In (the Indian Computer Emergency Response Team) is a government-mandated information technology (IT) security organization.
  • Certified in the Governance of Enterprise IT (CGEIT) - Certified in the Governance of Enterprise IT (CGEIT) is a vendor-neutral certification for experienced tech professionals looking to expand their knowledge and skills in enterprise information technology (IT) governance.
  • Certified Information Systems Auditor (CISA) - Certified Information Systems Auditor is a credential that demonstrates an IT professional's ability to assess risk and institute technology controls.
  • Certified Information Systems Risk and Compliance Professional (CISRCP) - A Certified Information Systems Risk and Compliance Professional (CISRCP) is a person in the information technology (IT) field who has passed an examination on risk and compliance topics developed by the International Association of Risk and Compliance Professionals (IARCP).
  • chief data officer (CDO) - A chief data officer (CDO) is a C-level corporate executive who is responsible for an organization's data governance.
  • Chief Privacy Officer (CPO) - A chief privacy officer (CPO) is a corporate executive charged with developing and implementing policies designed to protect customer data from unauthorized access.
  • chief risk officer (CRO) - The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory and technological threats to an enterprise's capital and earnings.
  • chilling effect - The chilling effect is the suppression of free speech and legitimate forms of dissent among a population because of fear of repercussion.
  • CHIME (College of Healthcare Information Management Executives) - The College of Healthcare Information Management Executives (CHIME) is an organization created to serve the professional development needs of CIOs working in the healthcare industry and to promote effective information management within that industry.
  • Chip and PIN - Chip and PIN is a UK government-backed initiative to implement the EMV (Europay, Mastercard and Visa) standard for smart card payment authorization.
  • Class C2 - Class C2 is a security rating established by the U.
  • clean desk policy (CDP) - A clean desk policy (CDP) is a corporate directive that specifies how employees should leave their working space when they leave the office.
  • clinical decision support system (CDSS) - A clinical decision support system (CDSS) is an application that analyzes data to help healthcare providers make decisions and improve patient care.
  • clinical trial - A clinical trial, also known as a clinical research study, is a protocol to evaluate the effects and efficacy of experimental medical treatments or behavioral interventions on health outcomes.
  • CloudAudit - CloudAudit is a specification for the presentation of information about how a cloud computing service provider addresses control frameworks.
  • COBIT 5 - COBIT 5 is the fifth iteration of a popular framework that's used for managing and governing information technology (IT).
  • Code of Connection (CoCo) - In the U.K.
  • commercial electronic message (CEM) - A commercial electronic message (CEM) is a communication soliciting business, funding or support for something that is sent through any electronic channel, including email, social media, voicemail, text and instant messages.
  • commercial motor vehicle (CMV) - A commercial motor vehicle (CMV) is any vehicle used to transport goods or passengers for the profit of an individual or business.
  • Committee on Trade and Environment (CTE) - The Committee on Trade and the Environment (CTE) is a group within the World Trade Organization (WTO) tasked with identifying and understanding the balance of environmental concerns against the interests of international trade.
  • Common Criteria Evaluation and Validation Scheme for IT Security (CCEVS) - The Common Criteria Evaluation and Validation Scheme for IT Security (CCEVS) is a program for evaluating IT products' conformance to international IT security standards.
  • competition law - Competition law is the body of legislation intended to prevent market distortion caused by anti-competitive practices on the part of businesses.
  • competitive intelligence (CI) - Competitive intelligence (CI) is the gathering of publicly available information about an enterprise's competitors and the use of that information to gain a business advantage.
  • compliance - Compliance is the act of being in alignment with guidelines, regulations and/or legislation.
  • compliance audit - A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines.
  • compliance automation - Compliance automation, also known as automated compliance, is a category of software applications that use artificial intelligence (AI) features and technology to simplify compliance procedures.
  • compliance burden - Compliance burden, also called regulatory burden, is the administrative cost of a regulation in terms of dollars, time and complexity.
  • compliance framework - A compliance framework is a structured set of guidelines that details an organization's processes for maintaining accordance with established regulations, specifications or legislation.
  • compliance risk - Compliance risk is exposure to legal penalties, financial forfeiture and material loss an organization faces when it fails to act in accordance with industry laws and regulations, internal policies or prescribed best practices.
  • compliance validation - In compliance, validation is a formal procedure to determine how well an official or prescribed plan or course of action is being carried out.
  • computational law - Computational law is the area of legal informatics focusing on the automation of formerly manual processes and the integration of legal information with other applications and systems.
  • Computer Fraud and Abuse Act (CFAA) - The Computer Fraud and Abuse Act (CFAA) of 1986 is United States legislation that made it a federal crime to access a protected computer without proper authorization.
  • concentration ratio (CR) - A concentration ratio (CR) is a metric used in economics to express the distribution of companies in a particular industry relative to the size of the market.
  • confidentiality - Confidentiality is a set of rules or a promise that limits access or places restrictions on certain types of information.
  • conformance - In information technology, conformance is a state or act of adherence to a certain specification, standard or guideline.
  • container (disambiguation) - This page explains how the term container is used in software development, storage, data center management and mobile device management.
  • content marketing - Content marketing is the publication of material designed to promote a brand, usually through a more oblique and subtle approach than that of traditional push advertising.
  • content services platform - A content services platform is cloud-based SaaS software that enables users to create, share, collaborate on and store text, audio and video content.
  • contingency plan - In business continuity and risk management, a contingency plan is a process that prepares an organization to respond coherently to an unplanned event.
  • Continuity of Care Record (CCR) - The Continuity of Care Record, or CCR, is a standard for the creation of electronic summaries of patient health.
  • control framework - A control framework is a data structure that organizes and categorizes an organization’s internal controls, which are practices and procedures established to create business value and minimize risk.
  • cooperative (co-op) - A cooperative, often shortened to “co-op,” is a business that is owned and operated by and for the benefit of its members.
  • COPPA (Children's Online Privacy Protection Act ) - The Children's Online Privacy Protection Act (COPPA) is a law passed by the U.
  • copyright - Copyright is a legal term describing ownership of control of the rights to the use and distribution of certain works of creative expression, including books, video, movies, music and computer programs.
  • corporate activism - Corporate activism is a public stance taken by a major company to positively impact social change or legislation.
  • corporate governance - Corporate governance is the combination of rules, processes or laws by which businesses are operated, regulated or controlled.
  • corporate performance - Corporate performance is a composite assessment of how well an organization executes on its most important parameters, typically financial, market and shareholder performance.
  • corporate social responsibility (CSR) - Corporate social responsibility is an umbrella term used to describe voluntary corporate initiatives concerned with community development, the environment and human rights.
  • corporation (C corporation, C corp) - A corporation is a large and complex organization that is owned by its shareholders and governed by a board of directors.
  • Credit CARD Act (Credit Card Accountability, Responsibility, and Disclosure Act of 2009) - The Credit CARD Act is legislation governing the behavior of credit card companies in the United States.
  • critical infrastructure - Critical infrastructure is the body of systems, networks and assets that are so essential that their continued operation is required to ensure the security of a given nation, its economy, and the public’s health and/or safety.
  • cybersecurity - Cybersecurity is the protection of internet-connected systems, including hardware, software and data, from cyberattacks.
  • data breach - A data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion.
  • data classification - Data classification is the process of organizing data into categories for its most effective and efficient use.
  • data life cycle management (DLM) - Data life cycle management (DLM) is a policy-based approach to managing the flow of an information system's data throughout its life cycle: from creation and initial storage to the time when it becomes obsolete and is deleted.
  • data masking - Data masking is a method of creating a structurally similar but inauthentic version of an organization's data that can be used for purposes such as software testing and user training.
  • data privacy (information privacy) - Data privacy, also called information privacy, is the aspect of information technology (IT) that deals with the ability an organization or individual has to determine what data in a computer system can be shared with third parties.
  • Data Protection Bill 2017 - The Data Protection Bill 2017 is legislation that will replace the Data Protection Act of 1998.
  • data protection management (DPM) - Data protection management (DPM) is the administration of backup processes to ensure that tasks run on schedule, and that data is securely backed up and recoverable.
  • Data Security Council of India (DSCI) - The Data Security Council of India (DSCI) is a not-for-profit organization created to promote the country as a secure destination for information technology (IT) outsourcing.
  • data sovereignty - Data sovereignty is the concept that information which has been converted and stored in binary digital form is subject to the laws of the country in which it is located.
  • Daylight Saving Time patch - A Daylight Saving Time patch is a modular piece of code created to update systems, devices and programs for compatibility with new start and end dates for Daylight Saving Time (DST) in the United States, Canada and Bermuda.
  • Deferred Action for Childhood Arrivals (DACA) - Deferred Action for Childhood Arrivals (DACA) is a program run by the United States Department of Homeland Security which allowed specific illegal immigrants who came to the country as children, known as Dreamers, to defer removal action for two years, a time period which could then be renewed.