Compliance, risk and governance

This glossary contains definitions related to compliance. Some definitions explain the meaning of words used in compliance regulations. Other definitions are related to the strategies that compliance officers use to mitigate risk and create a manageable compliance infrastructure.

ENT - PRI

  • enterprise document management (EDM) - Enterprise document management (EDM) is a strategy for overseeing an organization's paper and electronic documents so they can be easily retrieved in the event of a compliance audit or subpoena.
  • enterprise information management (EIM) - Enterprise information management (EIM) is the set of business processes, disciplines and practices used to manage the information created from an organization's data as an enterprise asset.
  • enterprise risk management (ERM) - Enterprise risk management is the process of planning, organizing, directing and controlling the activities of an organization to minimize the deleterious effects of risk on its capital and earnings.
  • environmental, social and governance (ESG) - Environmental, social and governance (ESG) is a term used to represent an organization's corporate financial interests that focus mainly on sustainable and ethical impacts.
  • Event log management software (ELMS) - Event log management software (ELMS) is an application used to monitor change management and prepare for compliance audits at enterprises.
  • event log manager (ELM) - An event log manager (ELM) is an application that tracks changes in an organization's IT infrastructure.
  • express consent - Express consent is permission for something that is given specifically, either verbally or in writing.
  • FACTA (Fair and Accurate Credit Transactions Act) - FACTA (Fair and Accurate Credit Transactions Act) is an amendment to FCRA (Fair Credit Reporting Act ) that was added, primarily, to protect consumers from identity theft.
  • Fair Credit Reporting Act (FCRA) - The Fair Credit Reporting Act (FCRA) is United States federal legislation that promotes accuracy, fairness and privacy for data used by consumer reporting agencies.
  • Fair Information Practices (FIP) - FIP (Fair Information Practices) is a general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy.
  • FCC (Federal Communications Commission) - The FCC (Federal Communications Commission) is the government body responsible for maintaining laws, censorship and broadcast licensing pertaining to interstate and international communications in the United States.
  • Federal Information Security Management Act (FISMA) - The Federal Information Security Management Act (FISMA) is United States legislation that defines a framework of guidelines and security standards to protect government information, operations and assets.
  • FERPA (Family Educational Rights and Privacy Act of 1974) - FERPA (Family Educational Rights and Privacy Act of 1974) is legislation that protects the privacy of students' personally identifiable information (PII).
  • file shredder - A file shredder, also known as a virtual or digital shredder, is a program designed to render computer-based files unreadable, just as a conventional shredder makes physical documents unreadable.
  • Financial Industry Regulatory Authority (FINRA) - The Financial Industry Regulatory Authority (FINRA) is an independent regulator of securities firms doing business in the United States.
  • financial planning and analysis (FP&A) - Financial planning and analysis (FP&A) is the budgeting, forecasting and analytical processes that support an organization's financial health and business strategy.
  • foreign qualification - Foreign qualification is the process that a corporation or limited liability corporation (LLC) in the United States follows to carry out business legally in a state other than the one where the corporation was incorporated.
  • forensic image - A forensic image (forensic copy) is a bit-by-bit, sector-by-sector direct copy of a physical storage device, including all files, folders and unallocated, free and slack space.
  • FCPA (Foreign Corrupt Practices Act) - The Foreign Corrupt Practices Act (FCPA) is a federal U.
  • freedom of expression - Freedom of expression is the right of individuals and organizations to exchange information without fear of repercussion or censorship.
  • FTC (Federal Trade Commission) - The FTC (Federal Trade Commission) is a United States federal regulatory agency designed to monitor and prevent anticompetitive, deceptive or unfair business practices.
  • full-disk encryption (FDE) - Full-disk encryption (FDE) is encryption at the hardware level.
  • future proofing - Future proofing is the attempt to make something impervious to the challenges that it is likely to encounter as time passes.
  • GAAP (generally accepted accounting principles) - GAAP (generally accepted accounting principles) is a collection of commonly followed accounting rules and standards for financial reporting.
  • GAFA (the big four) - GAFA is an acronym for Google, Apple, Facebook and Amazon (the second and fourth companies are sometimes reversed in order).
  • gag order - A gag order is a stipulation that those so-ordered will not divulge information learned in a particular situation, such as a court, a public office or a corporate environment.
  • Generally Accepted Recordkeeping Principles (the Principles) - Generally Accepted Recordkeeping Principles is a framework for managing records in a way that supports an organization's immediate and future regulatory, legal, risk mitigation, environmental and operational requirements.
  • geolocation - Geolocation is the detection of the physical location of an Internet connected computing device.
  • good automated manufacturing practice (GAMP) - Good automated manufacturing practice (GAMP) is a set of guidelines manufacturers and other automation users follow to maintain operational efficiency and reliability.
  • governance, risk management and compliance (GRC) - Governance, risk and compliance (GRC) refers to an organization's strategy for handling the interdependencies between corporate governance policies, enterprise risk management (ERM) programs, and regulatory and company compliance.
  • Government Accountability Office (GAO) - The U.S.
  • Government Information Security Reform Act - The Government Information Security Reform Act (formerly known as the Thompson-Liebermann Act) is a federal law that required U.
  • Gramm-Leach-Bliley Act (GLBA) - The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to control the ways financial institutions deal with the private information of individuals.
  • greenwashing - Greenwashing is the practice of making an unsubstantiated or misleading claim about the environmental benefits of a product, service, technology or company practice.
  • hard drive shredder - A hard drive shredder is a mechanical device that physically destroys old hard drives in such a way that the data they contain cannot be recovered.
  • hate speech - Hate speech is a verbal or written communication expressing a generalized negative opinion about a particular demographic, sometimes attacking an individual as a member of that group.
  • Health IT (health information technology) - Health IT (health information technology) is the area of IT involving the design, development, creation, use and maintenance of information systems for the healthcare industry.
  • HITECH (Health Information Technology for Economic and Clinical Health) Act of 2009 - The HITECH (Health Information Technology for Economic and Clinical Health) Act of 2009 is legislation that was created to stimulate the adoption of electronic health records (EHR) and the supporting technology in the United States.
  • HITSP - HITSP (Healthcare Information Technology Standards Panel) is an organization created to promote standardization and broad scale interoperability among healthcare applications and information systems.
  • human resource management (HRM) - Human resource management (HRM) is the practice of recruiting, hiring, deploying and managing an organization's employees.
  • IBM OpenPages - IBM OpenPages is a governance, risk and compliance (GRC) platform that centralizes services and components associated with the challenges and management of regulatory initiatives.
  • ICD-9-CM (International Classification of Diseases, Ninth Revision, Clinical Modification) - ICD-9-CM is the current medical coding standard used in hospitals in the United States.
  • implied consent - Implied consent is an assumption of permission to do something that is inferred from an individual's actions rather than explicitly provided.
  • index fund - An index fund is a type of mutual fund collection that follows the trend of a given security or market index, which represents a number of sectors of a market and offers comprehensive exposure to several markets.
  • information governance - Information governance is a holistic approach to managing corporate information by implementing processes, roles, controls and metrics that treat information as a valuable business asset.
  • information lifecycle management (ILM) - Information lifecycle management (ILM) is a comprehensive approach to managing an organization's data and associated metadata, starting with its creation and acquisition through when it becomes obsolete and is deleted.
  • Information Technology Amendment Act 2008 (IT Act 2008) - The Information Technology Amendment Act 2008 (IT Act 2008) is a substantial addition to India's Information Technology Act 2000.
  • intellectual property (IP) - Intellectual property (IP) is a term for any intangible asset -- something proprietary that doesn't exist as a physical object but has value.
  • internal control - An internal control is a business practice, policy or procedure that is established within an organization to create value or minimize risk.
  • International Accounting Standards Board - The International Accounting Standards Board is the independent standard-setting body of the IFRS Foundation.
  • Internet Engineering Task Force (IETF) - The Internet Engineering Task Force (IETF) is the body that defines standard operating internet protocols such as TCP/IP.
  • ISAE 3402 - ISAE (International Standards for Assurance Engagements) 3402 is a global assurance standard for reporting on controls at service organizations.
  • ISO 22317 (International Standards Organization 22317) - ISO 22317 is the first formal standard to address the business impact analysis process.
  • ISO 31000 Risk Management - The ISO 31000 Risk Management framework is an international standard that provides businesses with guidelines and principles for risk management from the International Organization for Standardization.
  • ISO/IEC 17799: Code of Practice for Information Security Management - ISO/IEC 17799: Code of Practice for Information Security Management is a generic set of best practices for the security of information systems.
  • ISO/IEC 38500 - ISO/IEC 38500 is an international standard created to guide corporate governance of information technology (IT).
  • IT audit (information technology audit) - An IT audit is the examination and evaluation of an organization's information technology infrastructure, policies and operations.
  • IT incident management - IT incident management is an area of IT service management (ITSM) wherein the IT team returns a service to normal as quickly as possible after a disruption, in a way that aims to create as little negative impact on the business as possible.
  • ITAR and EAR compliance - The International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR) are two important United States export control laws that affect the manufacturing, sales and distribution of technology.
  • ITIL (Information Technology Infrastructure Library) - ITIL (Information Technology Infrastructure Library) is a framework designed to standardize the selection, planning, delivery, maintenance and overall lifecycle of IT services within a business.
  • key risk indicator (KRI) - A key risk indicator (KRI) is a metric for measuring the likelihood that the combined probability of an event and its consequence will exceed the organization's risk appetite and have a profoundly negative impact on an organization's ability to be successful.
  • knowledge process outsourcing (KPO) - Knowledge process outsourcing (KPO) is the allocation of relatively high-level tasks to an outside organization or a different group within the same organization.
  • known known - A known known is information that is fully studied and well understood, so that an individual or organization can have confidence in its comprehension and relevance.
  • Kyoto Protocol - The Kyoto Protocol, also known as the Kyoto Accord, is an international treaty among industrialized nations that sets mandatory limits on greenhouse gas emissions.
  • limitation of liability clause - A limitation of liability clause is the section in a service-level agreement (SLA) that specifies the amounts and types of damages that each party will be obliged to provide to the other in particular circumstances.
  • limited liability company (LLC) - A limited liability company (LLC) is a hybrid unincorporated business structure that combines the pass-through tax model of partnerships and sole proprietorships with the protection of individual assets provided by the C corporation.
  • litigation hold (legal hold, preservation order or hold order) - A litigation hold -- also known as legal hold, preservation order or hold order -- is an internal process that an organization undergoes to preserve all data that might relate to a legal action involving the organization.
  • log (log file) - A log, in a computing context, is the automatically produced and time-stamped documentation of events relevant to a particular system.
  • log management - Log management is the collective processes and policies used to administer and facilitate the generation, transmission, analysis, storage, archiving and ultimate disposal of the large volumes of log data created within an information system.
  • managed file transfer (MFT) - Managed file transfer (MFT) is a type of software used to provide secure internal, external and ad-hoc data transfers through a network.
  • market concentration - Market concentration is the distribution of a given market among the participating companies.
  • mass notification system (MNS) - A mass notification system is a platform that sends one-way messages to inform employees and the public of an emergency.
  • Massachusetts data protection law - The Massachusetts data protection law is legislation that stipulates security requirements for organizations that handle the private data of residents.
  • metadata security - Metadata is defined as “data about data.
  • Microsoft Operations Framework (MOF) - Microsoft Operations Framework (MOF) is a series of 23 documents that guide IT professionals through the processes of creating, implementing and managing efficient and cost-effective services.
  • NASSCOM (National Association of Software and Services Companies) - The National Association of Software and Services Companies (NASSCOM) is a not-for-profit Indian consortium created to promote the development of the country's IT (information technology) and business process outsourcing (BPO) industries.
  • non-renewable resource - A non-renewable resource is one that either does not regenerate or does not regenerate quickly enough to serve some human purpose in a sustainable way.
  • North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) - The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan is a set of standards aimed at regulating, enforcing, monitoring and managing the security of the Bulk Electric System (BES) in North America.
  • oligopoly - An oligopoly is a small group of companies that dominate a given market.
  • ONC (Office of the National Coordinator for Health Information Technology) - The Office of the National Coordinator for Health Information Technology, abbreviated ONC, is an entity within the U.
  • operational costs - In information technology, operational costs document the price of running IT services on a day-to-day basis.
  • operational level agreement (OLA) - An operational level agreement (OLA) is a contract that defines how various IT groups within a company plan to deliver a service or set of services.
  • operational risk - Operational risk is the risk of losses caused by flawed or failed processes, policies, systems or events that disrupt business operations.
  • Opex (operational expenditure) - An operational expenditure (Opex) is the money a company spends on an ongoing, day-to-day basis in order to run a business or system.
  • opposition research (oppo) - Opposition research, also known as oppo research and sometimes just oppo, is the process of seeking out information to use against an adversary such as a political opponent or business competitor.
  • opt-out - Opt-out communications are messages sent for marketing, promotion or fundraising that include an option for the recipient to be removed from any future messages.
  • PA-DSS (Payment Application Data Security Standard) - Payment Application Data Security Standard (PA-DSS) is a set of requirements intended to help software vendors develop secure payment applications for credit card transactions.
  • PCAOB (Public Company Accounting Oversight Board) - The Public Company Accounting Oversight Board (PCAOB) is a Congressionally-established nonprofit that assesses audits of public companies in the United States to protect investors' interests.
  • PCI assessment - A PCI assessment is an audit of the 12 credit card transaction compliance requirements required by the Payment Card Industry Data Security Standard.
  • PCI DSS 12 requirements - PCI DSS 12 requirements is a set of security controls that businesses are required to implement to protect credit card data and comply with the Payment Card Industry Data Security Standard (PCI DSS).
  • PCI DSS 2.0 - PCI DSS 2.0 (Payment Card Industry Data Security Standard Version 2.
  • PCI DSS compliance (Payment Card Industry Data Security Standard compliance) - Payment Card Industry Data Security Standard (PCI DSS) compliance is adherence to the set of policies and procedures developed to protect credit, debit and cash card transactions and prevent the misuse of cardholders' personal information.
  • PCI DSS merchant levels - Merchant levels are used by the payment card industry (PCI) to determine risk levels and determine the appropriate level of security for their businesses.
  • PCI gap assessment - A PCI gap assessment is the identification, analysis and documentation of areas of non-compliance with the Payment Card Industry Data Security Standard (PCI DSS).
  • PCI policy - A PCI policy is a type of security policy that covers how an organization addresses the 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS).
  • PCI QSA - Payment Card Industry Qualified Security Assessor (PCI QSA) is a designation conferred by the PCI Security Standards Council to individuals it deems qualified to perform PCI assessments and consulting services.
  • PCI Security Standards Council - The PCI Security Standards Council is an organization created by the major credit card companies in an effort to better protect credit card holder data.
  • personally identifiable information (PII) - Personally identifiable information (PII) is any data that could potentially identify a specific individual.
  • policy engine - A policy engine is a software component that allows an organization to create, monitor and enforce rules about how network resources and the organization's data can be accessed.
  • predictive coding - Predictive coding software can be used to automate portions of an e-discovery document review.