
Compliance, risk and governance

This glossary contains definitions related to compliance. Some definitions explain the meaning of words used in compliance regulations. Other definitions are related to the strategies that compliance officers use to mitigate risk and create a manageable compliance infrastructure.

PRO - XCC

  • problem list - A problem list is a document that states the most important health problems facing a patient, such as nontransient illnesses or diseases, injuries suffered by the patient, and anything else that has affected the patient or is currently ongoing with the patient.
  • protected health information (PHI) or personal health information - Protected health information (PHI), also referred to as personal health information, is the demographic information, medical histories, test and laboratory results, mental health conditions, insurance information and other data that a healthcare professional collects to identify an individual and determine appropriate care.
  • PTO (paid time off, personal time off) - Paid time off (PTO) is a human resource management (HRM) policy that provides employees with a pool of bankable hours that can be used for any purpose.
  • Public Relations Society of America (PRSA) - The Public Relations Society of America (PRSA) is the world's largest association for public relations (PR) professionals, overseeing more than 21,000 members.
  • public sector - The public sector is the segment of an economic system that is controlled by government; it contrasts with the private sector, which is run by private citizens.
  • pure risk - Pure risk refers to risks that are beyond human control and result in a loss or no loss with no possibility of financial gain.
  • Qualified Security Assessor (QSA) - A Qualified Security Assessor (QSA) is a person who has been certified by the PCI Security Standards Council to audit merchants for Payment Card Industry Data Security Standard (PCI DSS) compliance.
  • quiet period - A quiet period is a measure of time during which corporate insiders are restricted from disclosing information relative to the performance or prospective performance of a company before that information is made public.
  • records management - Records management (RM) is the administration of records and documented information for the entirety of its lifecycle, which includes creation, maintenance, use, storage, retrieval and disposal.
  • Red Flags Rule (RFR) - The Red Flags Rule (RFR) is a set of United States federal regulations that require certain businesses and organizations to develop and implement documented plans to protect consumers from identity theft.
  • Reduce, reuse, recycle (R3) - Reduce, reuse and recycle (R3) are the three essential components of environmentally responsible consumer behavior.
  • RegTech - RegTech, or regulatory technology, is a term used to describe technology that is used to help streamline the process of regulatory compliance.
  • Regulation Fair Disclosure (Regulation FD or Reg FD) - Regulation Fair Disclosure is a rule passed by the U.
  • Regulation SCI (Regulation Systems Compliance and Integrity) - Regulation SCI is a set of compliance rules designed by the SEC to monitor and regulate the technology infrastructure of U.
  • regulatory compliance - Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business processes.
  • relationship marketing - Relationship marketing is a customer relationship management strategy designed to encourage strong, lasting customer connections to a brand.
  • remote deposit capture (RDC) - Remote deposit capture (RDC) is a system that allows a customer to scan checks remotely and transmit the check images to a bank for deposit, usually via an encrypted Internet connection.
  • removable media - Removable media is any type of storage device that can be removed from a computer while the system is running.
  • Report on Compliance (ROC) - A Report on Compliance (ROC) is a form that must be completed by all Level 1 Visa merchants undergoing a PCI DSS (Payment Card Industry Data Security Standard) audit.
  • residual risk - Residual risk is the risk that remains after efforts to identify and eliminate some or all types of risk have been made.
  • risk assessment - Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.
  • risk assessment framework (RAF) - A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure.
  • risk avoidance - Risk avoidance is the elimination of hazards, activities and exposures that can negatively affect an organization and its assets.
  • risk exposure - Risk exposure is the quantified potential loss from business activities currently underway or planned.
  • risk intelligence (RQ) - Risk intelligence (RQ) is a term used to describe predictions made around uncertainties and future threat probabilities.
  • risk map (risk heat map) - A risk map (risk heat map) is a data visualization tool for communicating specific risks an organization faces.
  • risk profile - A risk profile is a quantitative analysis of the types of threats an organization, asset, project or individual faces.
  • risk reporting - Risk reporting is a method of identifying risks tied to or potentially impacting an organization's business processes.
  • Sarbanes-Oxley Act - The Sarbanes-Oxley Act of 2002 is a federal law that established sweeping auditing and financial regulations for public companies.
  • Sarbanes-Oxley Act (SOX) Section 404 - Sarbanes-Oxley Act (SOX) Section 404 mandates that all publicly traded companies must establish internal controls and procedures for financial reporting and must document, test, and maintain those controls and procedures to ensure their effectiveness.
  • Secure Electronic Transaction (SET) - Secure Electronic Transaction (SET) is a system and electronic protocol to ensure the integrity and security of transactions conducted over the internet.
  • Securities and Exchange Commission (SEC) - The Securities and Exchange Commission (SEC) is the U.
  • security audit - A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms to an established set of criteria.
  • security information management (SIM) - Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs and various other data sources.
  • segregation of duties (SoD) - Segregation of duties (SoD) is an internal control designed to prevent error and fraud by ensuring that at least two individuals are responsible for the separate parts of any task.
  • sensitive information - Sensitive information is data that must be protected from unauthorized access to safeguard the privacy or security of an individual or organization.
  • serious reportable event (SRE) - A serious reportable event (SRE) is an incident involving death or serious harm to a patient resulting from a lapse or error in a healthcare facility.
  • seven wastes - The seven wastes are categories of unproductive manufacturing practices identified by Taiichi Ohno, the father of the Toyota Production System (TPS).
  • severance agreement - A severance agreement is a contract between an employer and employee documenting the rights and responsibilities of both parties in the event of job termination.
  • shadow app - A shadow app is a software program that is not supported by an employee's information technology (IT) department.
  • shadow IT - Shadow IT is hardware or software that is not supported by an organization's IT department.
  • Shared Assessments Program - Shared Assessments is a third-party risk membership program that provides organizations with a way to obtain a detailed report about a service provider's controls (people, process and procedures) and a procedure for verifying that the information in the report is accurate.
  • shrink wrap license - A shrink wrap license is an end-user license agreement (EULA) that is enclosed with software in plastic-wrapped packaging.
  • SLAPP - A SLAPP suit is a legal action undertaken or threatened to make the target stop any public activities in opposition to the interests of the person or organization bringing the suit.
  • SNOMED CT (Systematized Nomenclature of Medicine -- Clinical Terms) - SNOMED CT (Systematized Nomenclature of Medicine -- Clinical Terms) is a standardized, multilingual vocabulary of clinical terminology that is used by physicians and other health care providers for the electronic exchange of clinical health information.
  • SOC 1 (System and Organization Controls 1) - System and Organization Controls 1, or SOC 1 (pronounced "sock one"), addresses control objectives within a SOC 1 process area and documents internal controls relevant to an audit of a user entity's financial statements.
  • SOC 2 (Service Organization Control 2) - A Service Organization Control 2 (SOC 2) report covers various organizational controls related to security, availability, processing integrity, confidentiality or privacy.
  • SOC 3 (Service Organization Control 3) - A Service Organization Control 3 (SOC 3) report outlines information related to a service organization's internal controls in security, availability, processing integrity, confidentiality or privacy.
  • softlifting - Softlifting is a common type of software piracy in which a legally licensed software program is installed or copied in violation of its licensing agreement.
  • spin (PR, marketing) - Spin, in the context of public relations (PR) and journalism, is the selective assembly of fact and the shaping of nuance to support a particular view of a story.
  • spoliation - Spoliation is the destruction, alteration, or mutilation of evidence that may pertain to legal action.
  • SSAE 16 - The Statement on Standards for Attestation Engagements No.
  • standard - A standard is a generally agreed-upon technology, method or format for a given application.
  • standard operating procedure (SOP) - A standard operating procedure (SOP) is a set of written instructions that describes the step-by-step process that must be taken to properly perform a routine activity.
  • statutory reporting - Statutory reporting is the mandatory submission of financial and non-financial information to a government agency.
  • supply chain security - Supply chain security is the part of supply chain management that focuses on the risk management of external suppliers, vendors, logistics and transportation.
  • surveillance capitalism - Surveillance capitalism is the monetization of data captured through monitoring people's movements and behaviors online and in the physical world.
  • sustainability risk management (SRM) - Sustainability risk management (SRM) is a business strategy that aligns profit goals with a company's environmental policies.
  • SWIFT FIN message - SWIFT FIN is a message type (MT) that transmits financial information from one financial institution to another.
  • take-down request - A take-down request, also called a notice-and-takedown request, is a procedure for asking an Internet Service Provider (ISP) or search engine to remove or disable access to illegal, irrelevant or outdated information.
  • Telephone Consumer Protection Act (TCPA) - The Telephone Consumer Protection Act (TCPA) of 1991 is a federal law that places restrictions on telephone solicitations and robocalls.
  • think tank - A think tank is an organization that gathers a group of interdisciplinary scholars to perform research around particular policies, issues or ideas.
  • tokenization - Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
  • Top searches of 2008 - What were people searching the WhatIs.
  • total risk - Total risk is an assessment that identifies all of the risk factors, including potential internal and external threats and liabilities, associated with pursuing a specific plan or project or buying or selling an investment.
  • transparency - Transparency, in the context of governance, means being open and honest in all official activities.
  • triple bottom line (TBL) - The triple bottom line (TBL) is an accounting framework that includes social, environmental and financial results as bottom lines.
  • Trusted Internet Connections (TIC) - Trusted Internet Connections (TIC) is a mandate from the Office of Management and Budget (OMB) to reduce the number of Internet gateways on the federal government network and ensure that all external connections are routed through a government agency that has been designated as an approved TIC Access Provider.
  • United States Department of Transportation - The United States Department of Transportation (USDOT or DOT) is a cabinet agency of the U.
  • unknown unknown - An unknown unknown is unidentified information.
  • USA Patriot Act - The USA Patriot Act is a law enacted in 2001, granting new and extended data-collection abilities to federal agencies in an effort to combat terrorism after the September 11 attacks.
  • VAL IT (value from IT investments) - VAL IT (value from IT investments) is a framework that outlines governance best practices for information technology-enabled business investments.
  • Video Privacy Protection Act of 1988 - The Video Privacy Protection Act of 1988 is United States legislation that prevents wrongful disclosure of an individual's personally identifiable information stemming from their rental or purchase of audiovisual material, including videotapes, DVDs and video games.
  • VUCA (volatility, uncertainty, complexity and ambiguity) - VUCA is an acronym that stands for volatility, uncertainty, complexity and ambiguity -- qualities that make a situation or condition difficult to analyze, respond to or plan for.
  • What is a private cloud? - Private cloud is a type of cloud computing that delivers similar advantages to public cloud, including scalability and self-service, but through a proprietary architecture.
  • What is BCDR? Business continuity and disaster recovery guide - Business continuity (BC) and disaster recovery (DR) are closely related practices that support an organization's ability to remain operational after an adverse event.
  • What is cybersecurity? - Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyberthreats.
  • What is enterprise content management? Guide to ECM - Enterprise content management (ECM) is a set of defined processes, strategies and tools that allows a business to effectively obtain, organize, store and deliver critical information to its employees, business stakeholders and customers.
  • What is risk management and why is it important? - Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.
  • What is risk mitigation? - Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.
  • whistleblower - A whistleblower is a person who voluntarily provides information to the general public, or someone in a position of authority, about dishonest or illegal business activities occurring at an organization.
  • XCCDF (Extensible Configuration Checklist Description Format) - XCCDF (Extensible Configuration Checklist Description Format) is a specification language for writing security checklists, benchmarks and related types of documents.