Compliance, risk and governance

This glossary contains definitions related to compliance. Some definitions explain the meaning of words used in compliance regulations. Other definitions are related to the strategies that compliance officers use to mitigate risk and create a manageable compliance infrastructure.

ISA - SER

  • ISAE 3402 - ISAE (International Standards for Assurance Engagements) 3402 is a global assurance standard for reporting on controls at service organizations.
  • ISO 20022 - ISO 20022 is an ISO standard for developing financial services messages.
  • ISO 22317 (International Standards Organization 22317) - The ISO 22317 provides guidance on conducting a formal business impact analysis.
  • ISO/IEC 17799: Code of Practice for Information Security Management - ISO/IEC 17799: Code of Practice for Information Security Management is a generic set of best practices for the security of information systems.
  • ISO/IEC 38500 - ISO/IEC 38500 is an international standard created to guide corporate governance of information technology (IT).
  • IT audit (information technology audit) - An IT audit is the examination and evaluation of an organization's information technology infrastructure, policies and operations.
  • IT incident management - IT incident management is an area of IT service management (ITSM) wherein the IT team returns a service to normal as quickly as possible after a disruption, in a way that aims to create as little negative impact on the business as possible.
  • ITAR and EAR compliance - The International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR) are two important United States export control laws that affect the manufacturing, sales and distribution of technology.
  • JOBS Act (Jumpstart Our Business Startups Act) - The JOBS Act (Jumpstart Our Business Startups Act) is legislation that eases regulatory restrictions for new businesses to make it easier for startups to get established.
  • knowledge process outsourcing (KPO) - Knowledge process outsourcing (KPO) is the allocation of relatively high-level tasks to an outside organization or a different group within the same organization.
  • known known - A known known is information that is fully studied and well understood, so that an individual or organization can have confidence in its comprehension and relevance.
  • Kyoto Protocol - The Kyoto Protocol, also known as the Kyoto Accord, is an international treaty among industrialized nations that sets mandatory limits on greenhouse gas emissions.
  • limitation of liability clause - A limitation of liability clause is the section in a service-level agreement (SLA) that specifies the amounts and types of damages that each party will be obliged to provide to the other in particular circumstances.
  • limited liability company (LLC) - A limited liability company (LLC) is a hybrid unincorporated business structure that combines the pass-through tax model of partnerships and sole proprietorships with the protection of individual assets provided by the C corporation.
  • litigation hold (preservation orders or hold orders) - Litigation hold is a stipulation requiring a company to preserve all data that may relate to a legal action involving the company.
  • log (log file) - A log, in a computing context, is the automatically produced and time-stamped documentation of events relevant to a particular system.
  • log management - Log management is the collective processes and policies used to administer and facilitate the generation, transmission, analysis, storage, archiving and ultimate disposal of the large volumes of log data created within an information system.
  • managed file transfer (MFT) - Managed file transfer (MFT) is a type of software used to provide secure internal, external and ad-hoc data transfers through a network.
  • market concentration - Market concentration is the distribution of a given market among the participating companies.
  • mass notification system (MNS) - A mass notification system is a platform that sends one-way messages to inform employees and the public of an emergency.
  • Massachusetts data protection law - The Massachusetts data protection law is legislation that stipulates security requirements for organizations that handle the private data of residents.
  • metadata security - Metadata is defined as “data about data.”
  • Microsoft Exchange 2013 In-Place Hold - In-Place Hold is a new e-discovery feature that was first introduced in Exchange Server 2013 release.
  • Microsoft Operations Framework (MOF) - Microsoft Operations Framework (MOF) is a series of 23 documents that guide IT professionals through the processes of creating, implementing and managing efficient and cost-effective services.
  • MiFID (Markets in Financial Instruments Directive) - MiFID (the Markets in Financial Instruments Directive) is legislation for the regulation of investment services within the European Economic Area.
  • mobile governance - Mobile governance refers to the processes and policies used to manage mobile device access to an organization's network or its data.
  • monopoly - Monopolies may result from a lack of competing companies in a given market or a limited number of companies that are strong competitors.
  • NASSCOM (National Association of Software and Services Companies) - The National Association of Software and Services Companies (NASSCOM) is a not-for-profit Indian consortium created to promote the development of the country's IT (information technology) and business process outsourcing (BPO) industries.
  • National Highway Traffic Safety Administration (NHTSA) - The National Highway Traffic Safety Administration (NHTSA) is a federal agency of the United States government tasked with upholding regulatory safety standards in automobile manufacturing and the highway transportation system.
  • NERC CIP (critical infrastructure protection) - The NERC CIP (critical infrastructure protection) plan is a set of requirements designed to secure assets vital to reliably operating North America's bulk electric system.
  • Nintex Sign - Nintex Sign is a native electronic signature capability that is powered by Adobe Sign.
  • non-renewable resource - A non-renewable resource is one that either does not regenerate or does not regenerate quickly enough to serve some human purpose in a sustainable way.
  • oligopoly - An oligopoly is a small group of companies that dominate a given market.
  • ONC (Office of the National Coordinator for Health Information Technology) - The Office of the National Coordinator for Health Information Technology, abbreviated ONC, is an entity within the U.
  • Open Internet Order of 2010 - The Open Internet Order of 2010 is a set of rules proposed by the United States Federal Communications Commission (FCC) with the purpose of maintaining an open and neutral internet that supports free speech and generally treats all traffic as equal.
  • operational costs - In information technology, operational costs document the price of running IT services on a day-to-day basis.
  • operational level agreement (OLA) - An operational level agreement (OLA) is a contract that defines how various IT groups within a company plan to deliver a service or set of services.
  • Opex (operational expenditure) - An operational expenditure (Opex) is the money a company spends on an ongoing, day-to-day basis in order to run a business or system.
  • opposition research (oppo) - Opposition research, also known as oppo research and sometimes just oppo, is the process of seeking out information to use against an adversary such as a political opponent or business competitor.
  • opt-out - Opt-out communications are messages sent for marketing, promotion or fundraising that include an option for the recipient to be removed from any future messages.
  • Organization for Economic Cooperation and Development (OECD) - The Organization for Economic Cooperation and Development (OECD) is a collaborative inter-governmental body dedicated to furthering economic progress and world trade.
  • PA-DSS (Payment Application Data Security Standard) - Payment Application Data Security Standard (PA-DSS) is a set of requirements that are intended to help software vendors develop secure payment applications that support PCI DSS compliance.
  • partnership - In a partnership, all profits and losses pass through to partners and are reported on their individual tax returns.
  • patent troll - A patent troll is an individual or an organization that purchases and holds patents for unscrupulous purposes such as stifling competition or launching patent infringement suits.
  • PCAOB (Public Company Accounting Oversight Board) - The Public Company Accounting Oversight Board (PCAOB) is a Congressionally-established nonprofit that assesses audits of public companies in the United States to protect investors' interests.
  • PCI assessment - A PCI assessment is an audit of the 12 credit card transaction compliance requirements required by the Payment Card Industry Data Security Standard.
  • PCI DSS 12 requirements - PCI DSS 12 requirements is a set of security controls that businesses are required to implement to protect credit card data and comply with the Payment Card Industry Data Security Standard (PCI DSS).
  • PCI DSS 2.0 - PCI DSS 2.0 (Payment Card Industry Data Security Standard Version 2.
  • PCI DSS compliance (Payment Card Industry Data Security Standard compliance) - Payment Card Industry Data Security Standard (PCI DSS) compliance is adherence to the set of policies and procedures developed to protect credit, debit and cash card transactions and prevent the misuse of cardholders' personal information.
  • PCI DSS merchant levels - Merchant levels are used by the payment card industry (PCI) to determine risk levels and determine the appropriate level of security for their businesses.
  • PCI DSS User Group - The PCI DSS User Group is a London-based user group for merchants and retailers who must comply with the 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS).
  • PCI gap assessment - A PCI gap assessment is the identification, analysis and documentation of areas of non-compliance with the Payment Card Industry Data Security Standard (PCI DSS).
  • PCI policy - A PCI policy is a type of security policy that covers how an organization addresses the 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS).
  • PCI QSA - Payment Card Industry Qualified Security Assessor (PCI QSA) is a designation conferred by the PCI Security Standards Council to individuals it deems qualified to perform PCI assessments and consulting services.
  • PCI Security Standards Council - The PCI Security Standards Council is an organization created by the major credit card companies in an effort to better protect credit card holder data.
  • personally identifiable financial information (PIFI) - Personally identifiable financial information (PIFI) is any type of personally identifiable information (PII) that is linked to that person's finances.
  • personally identifiable information (PII) - Personally identifiable information (PII) is any data that could potentially identify a specific individual.
  • policy engine - A policy engine is a software component that allows an organization to create, monitor and enforce rules about how network resources and the organization's data can be accessed.
  • predictive coding - Predictive coding software can be used to automate portions of an e-discovery document review.
  • privacy compliance - Privacy compliance is a company's accordance with established personal information protection guidelines, specifications or legislation.
  • privacy impact assessment (PIA) - A privacy impact assessment (PIA) is an analysis of how an individual's or groups of individuals' personally identifiable information is collected, used, shared and maintained by an organization.
  • Privacy Shield (EU-US Privacy Shield) - EU-US Privacy Shield is a framework for adherence to E.
  • private cloud (internal cloud or corporate cloud) - Private cloud is a type of cloud computing that delivers similar advantages to public cloud, including scalability and self-service, but through a proprietary architecture.
  • privilege bracketing - Privilege bracketing is the practice of limiting temporarily increased permission levels to the briefest possible time period.
  • problem management - Problem management, in information technology, is a process aimed at resolving incidents and problems caused by end-user errors or IT infrastructure issues, and preventing recurrence of such incidents.
  • protected health information (PHI) or personal health information - Protected health information (PHI), also referred to as personal health information, generally refers to demographic information, medical histories, test and laboratory results, mental health conditions, insurance information, and other data that a healthcare professional collects to identify an individual and determine appropriate care.
  • PTO (paid time off, personal time off) - Paid time off (PTO) is a human resource management (HRM) policy that provides employees with a pool of bankable hours that can be used for any purpose.
  • Public Relations Society of America (PRSA) - The Public Relations Society of America (PRSA) is the world's largest association for public relations (PR) professionals, overseeing more than 21,000 members.
  • public sector - The public sector is the segment of an economic system that is controlled by government; it contrasts with the private sector, which is run by private citizens.
  • Qualified Security Assessor (QSA) - A Qualified Security Assessor (QSA) is a person who has been certified by the PCI Security Standards Council to audit merchants for Payment Card Industry Data Security Standard (PCI DSS) compliance.
  • Quick Start Glossary: PCI DSS (Payment Card Industry Data Security Standard) - Payment Card Industry Data Security Standard (PCI DSS): Print the glossary out for a fast reference or access online to see full definitions and further resources.
  • quiet period - A quiet period is a measure of time during which corporate insiders are restricted from disclosing information relative to the performance or prospective performance of a company before that information is made public.
  • records management - Records management (RM) is the administration of records and documented information for the entirety of its lifecycle, which includes creation, maintenance, use, storage, retrieval and disposal.
  • Red Flags Rule (RFR) - The Red Flags Rule (RFR) is a set of United States federal regulations that require certain businesses and organizations to develop and implement documented plans to protect consumers from identity theft.
  • Reduce, reuse, recycle (R3) - Reduce, reuse and recycle (R3) are the three essential components of environmentally-responsible consumer behavior.
  • RegTech - RegTech, or regulatory technology, is a term used to describe technology that is used to help streamline the process of regulatory compliance.
  • Regulation Fair Disclosure (Regulation FD or Reg FD) - Regulation Fair Disclosure is a rule passed by the U.
  • Regulation SCI (Regulation Systems Compliance and Integrity) - Regulation SCI is a set of compliance rules designed by the SEC to monitor and regulate the technology infrastructure of U.
  • regulatory compliance - Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business processes.
  • relationship marketing - Relationship marketing is a customer relationship management strategy designed to encourage strong, lasting customer connections to a brand.
  • remote deposit capture (RDC) - Remote deposit capture (RDC) is a system that allows a customer to scan checks remotely and transmit the check images to a bank for deposit, usually via an encrypted Internet connection.
  • removable media - Removable media is any type of storage device that can be removed from a computer while the system is running.
  • Report on Compliance (ROC) - A Report on Compliance (ROC) is a form that must be completed by all Level 1 Visa merchants undergoing a PCI DSS audit.
  • risk assessment - Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.
  • risk assessment framework (RAF) - A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure.
  • risk exposure - Risk exposure is a quantified loss potential of business actions, and is usually calculated based on the probability of the incident occurring multiplied by its potential losses.
  • risk intelligence (RQ) - Risk intelligence (RQ) is a term used to describe predictions made around uncertainties and future threat probabilities.
  • ROBO backup (remote data backup) - ROBO backup is the process of copying and archiving data created by remote and branch offices (ROBOs) and storing it securely.
  • S corporation (S corp) - Like a C corporation, the S corp is considered a separate entity under the law.
  • Safe Harbor - Safe Harbor is the name of a policy agreement established between the United States Department of Commerce and the European Union in November 2000.
  • Sarbanes-Oxley Act (SOX) - The Sarbanes-Oxley Act of 2002 is a federal law that established sweeping auditing and financial regulations for public companies.
  • Section 508 - Section 508, an amendment to the United States Workforce Rehabilitation Act of 1973, is a federal law mandating that all electronic and information technology developed, procured, maintained, or used by the federal government be accessible to people with disabilities.
  • Secure Electronic Transaction (SET) - Secure Electronic Transaction (SET) is a system for ensuring the security of financial transactions on the Internet.
  • security audit - A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms to a set of established criteria.
  • security information management (SIM) - Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs.
  • segregation of duties (SoD) - Segregation of duties (SoD) is an internal control designed to prevent error and fraud by ensuring that at least two individuals are responsible for the separate parts of any task.
  • sensitive information - Sensitive information is data that must be protected from unauthorized access to safeguard the privacy or security of an individual or organization.
  • serious reportable event (SRE) - A serious reportable event (SRE) is an incident involving death or serious harm to a patient resulting from a lapse or error in a healthcare facility.
