Compliance, risk and governance

This glossary contains definitions related to compliance. Some definitions explain the meaning of words used in compliance regulations. Other definitions are related to the strategies that compliance officers use to mitigate risk and create a manageable compliance infrastructure.

DIG - INT

  • digital due process - Digital due process is an adaptation and extension of the legal concept of due process to protect the rights of individuals with regard to online communications.
  • Digital Millennium Copyright Act (DMCA) - The Digital Millennium Copyright Act (DMCA) is a controversial United States digital rights management (DRM) law enacted October 28, 1998 by then-President Bill Clinton.
  • digital rights management (DRM) - Digital rights management (DRM) is a systematic approach to copyright protection for digital media.
  • direct digital marketing (DDM) - Direct digital marketing (DDM) is the electronic delivery of relevant communications to specific recipients.
  • disaster recovery plan (DRP) - A company's disaster recovery policy is enhanced with a documented DR plan that formulates strategies and outlines preparation work and testing.
  • discovery mailbox - A discovery mailbox is used to perform e-discovery searches for Exchange Server and Exchange Online environments.
  • disk image - A disk image is a copy of the entire contents of a storage device, such as a hard drive, DVD, or CD.
  • document capture - Document capture is any one of several processes used to convert a physical document to another format, typically a digital representation.
  • document sanitization - In addition to making sure the document text doesn’t openly divulge anything it shouldn’t, document sanitization includes removing document metadata that could pose a privacy or security risk.
  • Dodd-Frank Act - The Dodd-Frank Act (fully known as the Dodd-Frank Wall Street Reform and Consumer Protection Act) is a United States federal law that places regulation of the financial industry in the hands of the government.
  • Dossia - Dossia is a Web-based framework for storing and managing personal health records (PHR).
  • due process - Due process is a legal principle designed to protect the rights of citizens to fair treatment at the hands of the government.
  • duopoly - A duopoly is a scenario in which two companies dominate the market for a product or service.
  • e-prescribing (electronic prescribing) - E-prescribing, or electronic prescribing, is a technology framework that allows physicians and other medical practitioners to write and send prescriptions to a participating pharmacy electronically instead of using handwritten or faxed notes or calling in prescriptions.
  • e-prescribing (eRx) incentive program - The Electronic Prescribing (eRx) Incentive Program is a US government program that provides financial incentives to physicians, practitioners and therapists who meet certain criteria for the use of qualified e-prescribing systems.
  • EDRM (electronic discovery reference model) - The Electronic Discovery Reference Model (EDRM) is a framework that outlines standards for the recovery and discovery of digital data.
  • Electronic Commerce (EC Directive) Regulations 2002 - The Electronic Commerce (EC Directive) Regulations 2002 establish legal rules that online retailers and service providers must comply with when dealing with consumers in the 27 member countries of the European Union (EU).
  • Electronic Communications Privacy Act (ECPA) - The Electronic Communications Privacy Act (ECPA) is a United States federal statute that prohibits a third party from intercepting or disclosing communications without authorization.
  • electronic logging device (ELD) - An electronic logging device (ELD) is electronic hardware used to record the working hours of a commercially operated motor vehicle.
  • Electronic Signatures in Global and National Commerce Act (e-signature bill) - The Electronic Signatures in Global and National Commerce Act (often referred to as the e-signature bill) specifies that in the United States, the use of a digital signature is as legally valid as a traditional signature written in ink on paper.
  • electronically stored information (ESI) - Electronically stored information (ESI) is data created, altered, communicated and stored in digital form.
  • emerging growth company - An emerging growth company is a business with total annual gross revenues under $1 billion for the most recently ended fiscal year, as indicated on the business income statement presentation according to U.
  • encryption key management - Encryption key management is the administration of tasks involved with protecting, storing, backing up and organizing encryption keys.
  • Encyclopedia of Ethical Failure (EEF) - The Encyclopedia of Ethical Failure (EEF) is a series of case studies that illustrates poor judgement on the part of United States federal employees.
  • enterprise content management (ECM) - Enterprise content management (ECM) is a set of defined processes, strategies and tools that allow a business to effectively obtain, organize, store and deliver critical information to its employees, business stakeholders and customers.
  • enterprise document management (EDM) - Enterprise document management is a strategy for overseeing an organization's paper and electronic documents so they can be easily retrieved in the event of a compliance audit or subpoena.
  • enterprise information management (EIM) - Enterprise information management (EIM) is the set of business processes, disciplines and practices used to manage the information created from an organization's data as an enterprise asset.
  • enterprise search - There are a number of kinds of enterprise search, including local installations, hosted versions and search appliances, sometimes called "search in a box."
  • Equal Employment Opportunity Commission (EEOC) - The Equal Employment Opportunity Commission (EEOC) is a federal agency of the United States government that is responsible for enforcing civil rights laws against workplace discrimination.
  • EU Transparency Directive (European Union Transparency Directive) - The European Union (EU) Transparency Directive requires companies that trade securities on regulated markets in EU member states to publish financial information on a pan-European basis.
  • event log management software (ELMS) - Event log management software (ELMS) is an application used to monitor change management and prepare for compliance audits at enterprises.
  • event log manager (ELM) - An event log manager (ELM) is an application that tracks changes in an organization's IT infrastructure.
  • express consent - Express consent is permission for something that is given specifically, either verbally or in writing.
  • FACTA (Fair and Accurate Credit Transactions Act) - FACTA (Fair and Accurate Credit Transactions Act) is an amendment to FCRA (Fair Credit Reporting Act ) that was added, primarily, to protect consumers from identity theft.
  • Fair Credit Reporting Act (FCRA) - The Fair Credit Reporting Act (FCRA) is United States federal legislation that promotes accuracy, fairness and privacy for data used by consumer reporting agencies.
  • Fair Information Practices (FIP) - FIP (Fair Information Practices) is a general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy.
  • Fair Labor Standards Act - The Fair Labor Standards Act (FLSA) is a United States federal labor law that ensures the rights of workers.
  • FCC (Federal Communications Commission) - The FCC (Federal Communications Commission) is the government body responsible for maintaining laws, censorship and broadcast licensing pertaining to interstate and international communications in the United States.
  • FCRA (Fair Credit Reporting Act) - FCRA (Fair Credit Reporting Act) is a United States Law that regulates how consumer credit information is collected, used and shared.
  • Federal Desktop Core Configuration (FDCC) - Federal Desktop Core Configuration (FDCC) is a checklist for mandatory configuration settings on desktop and laptop computers owned by the United States government.
  • Federal Information Security Management Act (FISMA) - The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats.
  • Federal Rules of Civil Procedure (FRCP) - The Federal Rules of Civil Procedure (FRCP) are rules that specify procedures for civil legal suits within United States federal courts.
  • FERPA (Family Educational Rights and Privacy Act of 1974) - FERPA (Family Educational Rights and Privacy Act of 1974) is legislation that protects the privacy of students' personally identifiable information (PII).
  • file shredder - A file shredder, also known as a virtual or digital shredder, is a program designed to render computer-based files unreadable, just as a conventional shredder makes physical documents unreadable.
  • Financial Crimes Enforcement Network (FinCEN) - Financial Crimes Enforcement Network (FinCEN) is a bureau of the United States Department of the Treasury.
  • Financial Industry Regulatory Authority (FINRA) - The Financial Industry Regulatory Authority (FINRA) is an independent regulator of securities firms doing business in the United States.
  • financial planning and analysis (FP&A) - Financial planning and analysis (FP&A) is the budgeting, forecasting and analytical processes that support an organization's financial health and business strategy.
  • First Amendment to the Constitution - The First Amendment to the United States Constitution is one of a group of ten additions to the original document that provided a framework for law within the country.
  • forensic - Forensic, in a general sense, means "related to or used in courts of law" or "used for formal public debate or discussion."
  • forensic image - A forensic image (forensic copy) is a bit-by-bit, sector-by-sector direct copy of a physical storage device, including all files, folders and unallocated, free and slack space.
  • FCPA (Foreign Corrupt Practices Act) - The Foreign Corrupt Practices Act (FCPA) is a federal U.
  • FRCP Rule 41 - FRCP Rule 41 is the part of the United States Federal Rules of Criminal Procedure that covers the search and seizure of physical and digital evidence.
  • freedom of expression - Freedom of expression is the right of individuals and organizations to exchange information without fear of repercussion or censorship.
  • Freedom of Information Act 2000 - The Freedom of Information Act 2000 is an act of the United Kingdom (UK) Parliament defining the ways in which the public may obtain access to government-held information.
  • Freedom on the Net report - Freedom on the Net is an annual report on the extent to which people in countries around the globe can publish and access Internet content without undue restriction and have their rights respected.
  • fruit of a poisonous tree - Fruit of the poisonous tree is a legal doctrine according to which any secondary evidence obtained from a source accessed through illicit means is inadmissible in court.
  • FTC (Federal Trade Commission) - The FTC (Federal Trade Commission) is a United States federal regulatory agency designed to monitor and prevent anticompetitive, deceptive or unfair business practices.
  • full-disk encryption (FDE) - Full-disk encryption (FDE) is encryption at the hardware level.
  • GAAP (generally accepted accounting principles) - GAAP (pronounced "gap"), which stands for "generally accepted accounting principles," is a collection of commonly followed accounting rules and standards for financial reporting.
  • GAFA (the Big Four) - GAFA is an acronym for Google, Apple, Facebook and Amazon (the second and fourth companies are sometimes reversed in order).
  • gag order - A gag order is a stipulation that those so-ordered will not divulge information learned in a particular situation, such as a court, a public office or a corporate environment.
  • gazumping - Gazumping is when a seller accepts an offer from a buyer only to accept an increased offer from another buyer and sells to the second party.
  • Generally Accepted Recordkeeping Principles (the Principles) - Generally Accepted Recordkeeping Principles is a framework for managing records in a way that supports an organization's immediate and future regulatory, legal, risk mitigation, environmental and operational requirements.
  • geolocation - Geolocation is the detection of the physical location of an Internet connected computing device.
  • golden parachute - A golden parachute is a severance agreement that provides an executive with a substantial package upon termination, usually in the event of a takeover or merger.
  • good automated manufacturing practice (GAMP) - Good automated manufacturing practice (GAMP) is a set of guidelines manufacturers and other automation users follow to maintain operational efficiency and reliability.
  • Governance, Risk and Compliance (GRC) - Governance, risk and compliance (GRC) is a combined area of focus developed to cover an organization's strategy to handle any interdependencies between the three components.
  • Government Accountability Office (GAO) - The U.S.
  • Government Information Security Reform Act - The Government Information Security Reform Act (formerly known as the Thompson-Liebermann Act) is a federal law that required U.
  • Gramm-Leach-Bliley Act (GLBA) - The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to control the ways that financial institutions deal with the private information of individuals.
  • green collar - Green collar is any kind of employment that involves products or services that are environmentally friendly.
  • greenwashing - Greenwashing is the practice of making an unsubstantiated or misleading claim about the environmental benefits of a product, service, technology or company practice.
  • hard drive shredder - A hard drive shredder is a mechanical device that physically destroys old hard drives in such a way that the data they contain cannot be recovered.
  • hate speech - Hate speech is a verbal or written communication expressing a generalized negative opinion about a particular demographic, sometimes attacking an individual as a member of that group.
  • Health IT (health information technology) - Health IT (health information technology) is the area of IT involving the design, development, creation, use and maintenance of information systems for the healthcare industry.
  • HIPAA business associate - As defined by the Health Information Portability and Accountability Act (HIPAA), a business associate is any organization or person working in association with or providing services to a covered entity who handles or discloses Personal Health Information (PHI) or Personal Health Records (PHR).
  • HIPAA covered entity - A HIPAA covered entity is any organization or corporation that directly handles Personal Health Information (PHI) or Personal Health Records (PHR).
  • HIPAA Privacy Rule - The Standards for Privacy of Individually Identifiable Health Information, commonly known as the HIPAA Privacy Rule, establishes the first national standards to protect patients' personal health information.
  • HIPAA Security Rule - The Security Standards for the Protection of Electronic Protected Health Information, commonly known as the HIPAA Security Rule, establishes national standards for securing patient data that is stored or transferred electronically.
  • HITECH (Health Information Technology for Economic and Clinical Health) Act of 2009 - The HITECH (Health Information Technology for Economic and Clinical Health) Act of 2009 is legislation that was created to stimulate the adoption of electronic health records (EHR) and the supporting technology in the United States.
  • HITSP - HITSP (Healthcare Information Technology Standards Panel) is an organization created to promote standardization and broad scale interoperability among healthcare applications and information systems.
  • homologation - Homologation is the certification of a product to indicate that it meets regulatory standards.
  • HSPD-7 (Homeland Security Presidential Directive No. 7) - HSPD-7 (Homeland Security Presidential Directive No.
  • human resource management (HRM) - Human resource management (HRM) is the practice of recruiting, hiring, deploying and managing an organization's employees.
  • I-SPY Act -- Internet Spyware Prevention Act of 2005 (H.R. 744) - The I-SPY Act, formally known as the Internet Spyware Prevention Act of 2005 (H.
  • IBM OpenPages - IBM OpenPages is a governance, risk and compliance (GRC) platform that centralizes services and components associated with the challenges and management of regulatory initiatives.
  • ICD-9-CM (International Classification of Diseases, Ninth Revision, Clinical Modification) - ICD-9-CM is the current medical coding standard used in hospitals in the United States.
  • IFRS (International Financial Reporting Standards) - IFRS (International Financial Reporting Standards) is a set of accounting standards developed by an independent, not-for-profit organization called the International Accounting Standards Board (IASB).
  • implied consent - Implied consent is an assumption of permission to do something that is inferred from an individual's actions rather than explicitly provided.
  • index fund - An index fund is a type of mutual fund collection that follows the trend of a given security or market index, which represents a number of sectors of a market and offers comprehensive exposure to several markets.
  • information governance - Information governance is a holistic approach to managing corporate information by implementing processes, roles, controls and metrics that treat information as a valuable business asset.
  • information life cycle management (ILM) - Information life cycle management (ILM) is a comprehensive approach to managing the flow of an information system's data and associated metadata from creation and initial storage to the time when it becomes obsolete and is deleted.
  • insider trading - Insider trading is the buying and selling of securities based on information that has not been made available to the general public.
  • integrated access management (IAM) - Integrated access management (IAM) is a combination of business processes, policies and technologies that allows organizations to provide secure access to confidential data.
  • intellectual property (IP) - Intellectual property (IP) is a term for any intangible asset -- something proprietary that doesn't exist as a physical object but has value.
  • internal control - An internal control is a business practice, policy or procedure that is established within an organization to create value or minimize risk.
  • International Accounting Standards Board - The International Accounting Standards Board is the independent standard-setting body of the IFRS Foundation.
  • international financial reporting standards (IFRS) - International financial reporting standards (IFRS) are specific organizational and monetary standards and frameworks for financial reporting that have been adopted in 113 countries including India, Australia and the European Union.
