Compliance, risk and governance

This glossary contains definitions related to compliance. Some definitions explain the meaning of words used in compliance regulations. Other definitions are related to the strategies that compliance officers use to mitigate risk and create a manageable compliance infrastructure.

E-P - NAT

  • e-prescribing (electronic prescribing) - E-prescribing, or electronic prescribing, is a technology framework that allows physicians and other medical practitioners to write and send prescriptions to a participating pharmacy electronically instead of using handwritten or faxed notes or calling in prescriptions.
  • e-prescribing (eRx) incentive program - The Electronic Prescribing (eRx) Incentive Program is a US government program that provides financial incentives to physicians, practitioners and therapists who meet certain criteria for the use of qualified e-prescribing systems.
  • EDRM (electronic discovery reference model) - The Electronic Discovery Reference Model (EDRM) is a framework that outlines standards for the recovery and discovery of digital data.
  • Electronic Commerce (EC Directive) Regulations 2002 - The Electronic Commerce (EC Directive) Regulations 2002 establish legal rules that online retailers and service providers must comply with when dealing with consumers in the 27 member countries of the European Union (EU).
  • Electronic Communications Privacy Act (ECPA) - The Electronic Communications Privacy Act (ECPA) is a United States federal statute that prohibits a third party from intercepting or disclosing communications without authorization.
  • electronic logging device (ELD) - An electronic logging device (ELD) is electronic hardware used to record the working hours of a commercially-operated motor vehicle.
  • Electronic Signatures in Global and National Commerce Act (e-signature bill) - The Electronic Signatures in Global and National Commerce Act (often referred to as the e-signature bill) specifies that in the United States, the use of a digital signature is as legally valid as a traditional signature written in ink on paper.
  • electronically stored information (ESI) - Electronically stored information (ESI) is data created, altered, communicated and stored in digital form.
  • encryption key management - Encryption key management is the administration of tasks involved with protecting, storing, backing up and organizing encryption keys.
  • Encyclopedia of Ethical Failure (EEF) - The Encyclopedia of Ethical Failure (EEF) is a series of case studies that illustrates poor judgement on the part of United States federal employees.
  • enterprise document management (EDM) - Enterprise document management (EDM) is a strategy for overseeing an organization's paper and electronic documents so they can be easily retrieved in the event of a compliance audit or subpoena.
  • enterprise information management (EIM) - Enterprise information management (EIM) is the set of business processes, disciplines and practices used to manage the information created from an organization's data as an enterprise asset.
  • enterprise risk management (ERM) - Enterprise risk management is the process of planning, organizing, directing and controlling the activities of an organization to minimize the deleterious effects of risk on its capital and earnings.
  • enterprise search - There are a number of kinds of enterprise search including local installations, hosted versions, and search appliances, sometimes called “search in a box.”
  • Equal Employment Opportunity Commission (EEOC) - The Equal Employment Opportunity Commission (EEOC) is a federal agency of the United States government that is responsible for enforcing civil rights laws against workplace discrimination.
  • EU Transparency Directive (European Union Transparency Directive) - The European Union (EU) Transparency Directive requires companies that trade securities on regulated markets in EU member states to publish financial information on a pan-European basis.
  • Event log management software (ELMS) - Event log management software (ELMS) is an application used to monitor change management and prepare for compliance audits at enterprises.
  • event log manager (ELM) - An event log manager (ELM) is an application that tracks changes in an organization's IT infrastructure.
  • express consent - Express consent is permission for something that is given specifically, either verbally or in writing.
  • FACTA (Fair and Accurate Credit Transactions Act) - FACTA (Fair and Accurate Credit Transactions Act) is an amendment to FCRA (Fair Credit Reporting Act) that was added, primarily, to protect consumers from identity theft.
  • Fair Credit Reporting Act (FCRA) - The Fair Credit Reporting Act (FCRA) is United States federal legislation that promotes accuracy, fairness and privacy for data used by consumer reporting agencies.
  • Fair Information Practices (FIP) - FIP (Fair Information Practices) is a general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy.
  • Fair Labor Standards Act - The Fair Labor Standards Act (FLSA) is a United States federal labor law that ensures the rights of workers.
  • FCC (Federal Communications Commission) - The FCC (Federal Communications Commission) is the government body responsible for maintaining laws, censorship and broadcast licensing pertaining to interstate and international communications in the United States.
  • Federal Information Security Management Act (FISMA) - The Federal Information Security Management Act (FISMA) is United States legislation that defines a framework of guidelines and security standards to protect government information, operations and assets.
  • FERPA (Family Educational Rights and Privacy Act of 1974) - FERPA (Family Educational Rights and Privacy Act of 1974) is legislation that protects the privacy of students' personally identifiable information (PII).
  • file shredder - A file shredder, also known as a virtual or digital shredder, is a program designed to render computer-based files unreadable, just as a conventional shredder makes physical documents unreadable.
  • Financial Crimes Enforcement Network (FinCEN) - Financial Crimes Enforcement Network (FinCEN) is a bureau of the United States Department of the Treasury.
  • Financial Industry Regulatory Authority (FINRA) - The Financial Industry Regulatory Authority (FINRA) is an independent regulator of securities firms doing business in the United States.
  • financial planning and analysis (FP&A) - Financial planning and analysis (FP&A) is the budgeting, forecasting and analytical processes that support an organization's financial health and business strategy.
  • First Amendment to the Constitution - The First Amendment to the United States Constitution is one of a group of ten additions to the original document that provided a framework for law within the country.
  • foreign qualification - Foreign qualification is the process that a corporation or limited liability corporation (LLC) in the United States follows to carry out business legally in a state other than the one where the corporation was incorporated.
  • forensic image - A forensic image (forensic copy) is a bit-by-bit, sector-by-sector direct copy of a physical storage device, including all files, folders and unallocated, free and slack space.
  • FCPA (Foreign Corrupt Practices Act) - The Foreign Corrupt Practices Act (FCPA) is a federal U.
  • freedom of expression - Freedom of expression is the right of individuals and organizations to exchange information without fear of repercussion or censorship.
  • Freedom on the Net report - Freedom on the Net is an annual report on the extent to which people in countries around the globe can publish and access Internet content without undue restriction and have their rights respected.
  • fruit of a poisonous tree - Fruit of the poisonous tree is a legal doctrine according to which any secondary evidence obtained from a source accessed through illicit means is inadmissible in court.
  • FTC (Federal Trade Commission) - The FTC (Federal Trade Commission) is a United States federal regulatory agency designed to monitor and prevent anticompetitive, deceptive or unfair business practices.
  • full-disk encryption (FDE) - Full-disk encryption (FDE) is encryption at the hardware level.
  • future proofing - Future proofing is the attempt to make something impervious to the challenges that it is likely to encounter as time passes.
  • GAAP (generally accepted accounting principles) - GAAP (pronounced "gap"), which stands for "generally accepted accounting principles," is a collection of commonly followed accounting rules and standards for financial reporting.
  • GAFA (the big four) - GAFA is an acronym for Google, Apple, Facebook and Amazon (the second and fourth companies are sometimes reversed in order).
  • gag order - A gag order is a stipulation that those so-ordered will not divulge information learned in a particular situation, such as a court, a public office or a corporate environment.
  • gazumping - Gazumping is when a seller accepts an offer from a buyer only to accept an increased offer from another buyer and sells to the second party.
  • Generally Accepted Recordkeeping Principles (the Principles) - Generally Accepted Recordkeeping Principles is a framework for managing records in a way that supports an organization's immediate and future regulatory, legal, risk mitigation, environmental and operational requirements.
  • geolocation - Geolocation is the detection of the physical location of an Internet connected computing device.
  • golden parachute - A golden parachute is a severance agreement that provides an executive with a substantial package upon termination, usually in the event of a takeover or merger.
  • good automated manufacturing practice (GAMP) - Good automated manufacturing practice (GAMP) is a set of guidelines manufacturers and other automation users follow to maintain operational efficiency and reliability.
  • governance, risk management and compliance (GRC) - Governance, risk and compliance (GRC) refers to an organization's strategy for handling the interdependencies between corporate governance policies, enterprise risk management (ERM) programs, and regulatory and company compliance.
  • Government Accountability Office (GAO) - The U.S.
  • Government Information Security Reform Act - The Government Information Security Reform Act (formerly known as the Thompson-Liebermann Act) is a federal law that required U.
  • Gramm-Leach-Bliley Act (GLBA) - The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to control the ways financial institutions deal with the private information of individuals.
  • greenwashing - Greenwashing is the practice of making an unsubstantiated or misleading claim about the environmental benefits of a product, service, technology or company practice.
  • hard drive shredder - A hard drive shredder is a mechanical device that physically destroys old hard drives in such a way that the data they contain cannot be recovered.
  • hate speech - Hate speech is a verbal or written communication expressing a generalized negative opinion about a particular demographic, sometimes attacking an individual as a member of that group.
  • Health IT (health information technology) - Health IT (health information technology) is the area of IT involving the design, development, creation, use and maintenance of information systems for the healthcare industry.
  • HITECH (Health Information Technology for Economic and Clinical Health) Act of 2009 - The HITECH (Health Information Technology for Economic and Clinical Health) Act of 2009 is legislation that was created to stimulate the adoption of electronic health records (EHR) and the supporting technology in the United States.
  • HITSP - HITSP (Healthcare Information Technology Standards Panel) is an organization created to promote standardization and broad scale interoperability among healthcare applications and information systems.
  • human resource management (HRM) - Human resource management (HRM) is the practice of recruiting, hiring, deploying and managing an organization's employees.
  • IBM OpenPages - IBM OpenPages is a governance, risk and compliance (GRC) platform that centralizes services and components associated with the challenges and management of regulatory initiatives.
  • ICD-9-CM (International Classification of Diseases, Ninth Revision, Clinical Modification) - ICD-9-CM is the current medical coding standard used in hospitals in the United States.
  • implied consent - Implied consent is an assumption of permission to do something that is inferred from an individual's actions rather than explicitly provided.
  • index fund - An index fund is a type of mutual fund collection that follows the trend of a given security or market index, which represents a number of sectors of a market and offers comprehensive exposure to several markets.
  • information governance - Information governance is a holistic approach to managing corporate information by implementing processes, roles, controls and metrics that treat information as a valuable business asset.
  • information life cycle management (ILM) - Information life cycle management (ILM) is a comprehensive approach to managing the flow of an information system's data and associated metadata from creation and initial storage to the time when it becomes obsolete and is deleted.
  • insider trading - Insider trading is the buying and selling of securities based on information that has not been made available to the general public.
  • intellectual property (IP) - Intellectual property (IP) is a term for any intangible asset -- something proprietary that doesn't exist as a physical object but has value.
  • internal control - An internal control is a business practice, policy or procedure that is established within an organization to create value or minimize risk.
  • International Accounting Standards Board - The International Accounting Standards Board is the independent standard-setting body of the IFRS Foundation.
  • international financial reporting standards (IFRS) - International financial reporting standards (IFRS) are specific organizational and monetary standards and frameworks for financial reporting that have been adopted in 113 countries including India, Australia and the European Union.
  • Internet Engineering Task Force (IETF) - The Internet Engineering Task Force (IETF) is the body that defines standard operating internet protocols such as TCP/IP.
  • ISAE 3402 - ISAE (International Standards for Assurance Engagements) 3402 is a global assurance standard for reporting on controls at service organizations.
  • ISO 22317 (International Standards Organization 22317) - ISO 22317 is the first formal standard to address the business impact analysis process.
  • ISO 31000 Risk Management - The ISO 31000 Risk Management framework is an international standard that provides businesses with guidelines and principles for risk management from the International Organization for Standardization.
  • ISO/IEC 17799: Code of Practice for Information Security Management - ISO/IEC 17799: Code of Practice for Information Security Management is a generic set of best practices for the security of information systems.
  • IT audit (information technology audit) - An IT audit is the examination and evaluation of an organization's information technology infrastructure, policies and operations.
  • IT incident management - IT incident management is an area of IT service management (ITSM) wherein the IT team returns a service to normal as quickly as possible after a disruption, in a way that aims to create as little negative impact on the business as possible.
  • ITAR and EAR compliance - The International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR) are two important United States export control laws that affect the manufacturing, sales and distribution of technology.
  • ITIL (Information Technology Infrastructure Library) - The ITIL (Information Technology Infrastructure Library) is a framework designed to standardize the selection, planning, delivery, maintenance, and overall lifecycle of IT services within a business.
  • JOBS Act (Jumpstart Our Business Startups Act) - The JOBS Act (Jumpstart Our Business Startups Act) is legislation that eases regulatory restrictions for new businesses to make it easier for startups to get established.
  • key risk indicator (KRI) - A key risk indicator (KRI) is a metric for measuring the likelihood that the combined probability of an event and its consequence will exceed the organization's risk appetite and have a profoundly negative impact on an organization's ability to be successful.
  • knowledge process outsourcing (KPO) - Knowledge process outsourcing (KPO) is the allocation of relatively high-level tasks to an outside organization or a different group within the same organization.
  • known known - A known known is information that is fully studied and well understood, so that an individual or organization can have confidence in its comprehension and relevance.
  • Kyoto Protocol - The Kyoto Protocol, also known as the Kyoto Accord, is an international treaty among industrialized nations that sets mandatory limits on greenhouse gas emissions.
  • limitation of liability clause - A limitation of liability clause is the section in a service-level agreement (SLA) that specifies the amounts and types of damages that each party will be obliged to provide to the other in particular circumstances.
  • limited liability company (LLC) - A limited liability company (LLC) is a hybrid unincorporated business structure that combines the pass-through tax model of partnerships and sole proprietorships with the protection of individual assets provided by the C corporation.
  • litigation hold (preservation orders or hold orders) - Litigation hold is a stipulation requiring a company to preserve all data that may relate to a legal action involving the company.
  • log (log file) - A log, in a computing context, is the automatically produced and time-stamped documentation of events relevant to a particular system.
  • log management - Log management is the collective processes and policies used to administer and facilitate the generation, transmission, analysis, storage, archiving and ultimate disposal of the large volumes of log data created within an information system.
  • managed file transfer (MFT) - Managed file transfer (MFT) is a type of software used to provide secure internal, external and ad-hoc data transfers through a network.
  • market concentration - Market concentration is the distribution of a given market among the participating companies.
  • mass notification system (MNS) - A mass notification system is a platform that sends one-way messages to inform employees and the public of an emergency.
  • Massachusetts data protection law - The Massachusetts data protection law is legislation that stipulates security requirements for organizations that handle the private data of residents.
  • metadata security - Metadata is defined as “data about data.”
  • Microsoft Operations Framework (MOF) - Microsoft Operations Framework (MOF) is a series of 23 documents that guide IT professionals through the processes of creating, implementing and managing efficient and cost-effective services.
  • MiFID (Markets in Financial Instruments Directive) - MiFID (the Markets in Financial Instruments Directive) is legislation for the regulation of investment services within the European Economic Area.
  • mobile governance - Mobile governance refers to the processes and policies used to manage mobile device access to an organization's network or its data.
  • monopoly - Monopolies may result from a lack of competing companies in a given market or a limited number of companies that are strong competitors.
  • NASSCOM (National Association of Software and Services Companies) - The National Association of Software and Services Companies (NASSCOM) is a not-for-profit Indian consortium created to promote the development of the country's IT (information technology) and business process outsourcing (BPO) industries.
  • National Highway Traffic Safety Administration (NHTSA) - The National Highway Traffic Safety Administration (NHTSA) is a federal agency of the United States government tasked with upholding regulatory safety standards in automobile manufacturing and the highway transportation system.