Compliance, risk and governance

This glossary contains definitions related to compliance. Some definitions explain the meaning of words used in compliance regulations. Other definitions are related to the strategies that compliance officers use to mitigate risk and create a manageable compliance infrastructure.

SEV - XCC

  • seven wastes - The seven wastes are categories of unproductive manufacturing practices identified by Taiichi Ohno, the father of the Toyota Production System (TPS).
  • severance agreement - A severance agreement is a contract between an employer and employee documenting the rights and responsibilities of both parties in the event of job termination.
  • severance package - A severance package is the contracted pay and benefits provided to an employee whose job is terminated.
  • shadow app - A shadow app is a software program that is not supported by an employee's information technology (IT) department.
  • shadow IT - Shadow IT is hardware or software that is not supported by an organization's IT department.
  • Shared Assessments Program - Shared Assessments is a third party risk membership program that provides organizations with a way to obtain a detailed report about a service provider's controls (people, process and procedures) and a procedure for verifying that the information in the report is accurate.
  • shrink wrap license - A shrink wrap license is an end user license agreement (EULA) that is enclosed with software in plastic-wrapped packaging.
  • SLAPP - A SLAPP suit is a legal action undertaken or threatened to make the target stop any public activities in opposition to the interests of the person or organization bringing the suit.
  • SNOMED CT (Systematized Nomenclature of Medicine -- Clinical Terms) - SNOMED CT (Systematized Nomenclature of Medicine -- Clinical Terms) is a standardized, multilingual vocabulary of clinical terminology that is used by physicians and other health care providers for the electronic exchange of clinical health information.
  • SOC 1 (Service Organization Control 1) - A Service Organization Control 1 or SOC 1 (pronounced "sock one") report is written documentation of the internal controls that are likely to be relevant to an audit of a customer's financial statements.
  • SOC 2 (Service Organization Control 2) - A Service Organization Control 2 (SOC 2) report covers various organizational controls related to security, availability, processing integrity, confidentiality or privacy.
  • SOC 3 (Service Organization Control 3) - A Service Organization Control 3 (SOC 3) report outlines information related to a service organization's internal controls in security, availability, processing integrity, confidentiality or privacy.
  • softlifting - Softlifting is a common type of software piracy in which a legally licensed software program is installed or copied in violation of its licensing agreement.
  • sole proprietorship - A sole proprietorship is an unincorporated business owned by a single individual or a couple who files a single tax return.
  • SOX Section 404 (Sarbanes-Oxley Act Section 404) - SOX Section 404 (Sarbanes-Oxley Act Section 404) mandates that all publicly-traded companies must establish internal controls and procedures for financial reporting.
  • spin (PR, marketing) - Spin, in the context of public relations (PR) and journalism, is the selective assembly of fact and the shaping of nuance to support a particular view of a story.
  • spoliation - Spoliation is the destruction, alteration, or mutilation of evidence that may pertain to legal action.
  • SSAE 16 - The Statement on Standards for Attestation Engagements No.
  • standard - A standard is a generally agreed-upon technology, method or format for a given application.
  • statutory reporting - Statutory reporting is the mandatory submission of financial and non-financial information to a government agency.
  • Stop Online Piracy Act (SOPA) and PIPA - The Stop Online Piracy Act (SOPA), also known as House Bill 3261, is legislation introduced in the United States House of Representatives to enforce current laws that make stealing intellectual property and trafficking in counterfeit goods illegal.
  • structured content - Structured content is a modular approach to managing digital content that uses metadata tags and automation to publish content from a single source to multiple distribution channels.
  • subpoena - A subpoena is a command issued by a court in which a person or corporation is required to physically appear before, or produce specific evidence to, that court.
  • supply chain security - Supply chain security is the part of supply chain management (SCM) that focuses on minimizing risk for supply chain, logistics and transportation management systems (TMS).
  • surveillance capitalism - Surveillance capitalism is the monetization of data captured through monitoring people's movements and behaviors online and in the physical world.
  • sustainability risk management (SRM) - Sustainability risk management (SRM) is a business strategy that aligns profit goals with a company's environmental policies.
  • SWIFT FIN message - SWIFT FIN is a message type (MT) that transmits financial information from one financial institution to another.
  • take-down request - A take-down request, also called a notice and take down request, is a procedure for asking an Internet Service Provider (ISP) or search engine to remove or disable access to illegal, irrelevant or outdated information.
  • The United States Department of Transportation - The United States Department of Transportation (USDOT or DOT) is a cabinet agency of the U.
  • think tank - A think tank is an organization that gathers a group of interdisciplinary scholars to perform research around particular policies, issues or ideas.
  • times interest earned (TIE) - Times interest earned (TIE) is a metric used to measure a company's manageable debt limits by its ability to pay the monthly interest on its debts.
  • tokenization - Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
  • Top searches of 2008 - What were people searching the WhatIs.
  • total risk - Total risk is an assessment that identifies all of the risk factors, including potential internal and external threats and liabilities, associated with pursuing a specific plan or project or buying or selling an investment.
  • transparency - Transparency, in the context of governance, means being open and honest in all official activities.
  • triple bottom line (3BL) - The triple bottom line (3BL) is an expanded version of the business concept of the bottom line that includes social and environmental results as well as financial results.
  • Trusted Internet Connections (TIC) - Trusted Internet Connections (TIC) is a mandate from the Office of Management and Budget (OMB) to reduce the number of Internet gateways on the federal government network and ensure that all external connections are routed through a government agency that has been designated as an approved TIC Access Provider.
  • U.K. Data Protection Act 1998 (DPA 1998) - The Data Protection Act 1998 (DPA 1998) is an act of the United Kingdom (UK) Parliament defining the ways in which information about living people may be legally used and handled.
  • United Kingdom Climate Change Act - The United Kingdom Climate Change Act is the world's first legally binding environmental sustainability framework.
  • United States Department of Labor - The United States Department of Labor (U.
  • unknown unknown - An unknown unknown is unidentified information.
  • USA Patriot Act - The USA Patriot Act is a law enacted in 2001, granting new and extended data-collection abilities to federal agencies in an effort to combat terrorism after the September 11 attacks.
  • VAL IT (value from IT investments) - VAL IT (value from IT investments) is a framework that outlines governance best practices for information technology-enabled business investments.
  • Video Privacy Protection Act of 1988 - The Video Privacy Protection Act of 1988 is United States legislation that prevents wrongful disclosure of an individual's personally identifiable information stemming from their rental or purchase of audiovisual material, including videotapes, DVDs and video games.
  • Volcker rule - The Volcker rule is a section of the Dodd–Frank Act that restricts U.
  • VUCA (volatility, uncertainty, complexity and ambiguity) - VUCA is an acronym that stands for volatility, uncertainty, complexity and ambiguity, a combination of qualities that, taken together, characterize the nature of some difficult conditions and situations.
  • whistleblower - A whistleblower is a person who voluntarily provides information to the general public, or someone in a position of authority, about dishonest or illegal business activities occurring at an organization.
  • Windows Genuine Advantage (WGA) - Windows Genuine Advantage (WGA) is a program that investigates Windows-based computers to be sure that their copy of the Windows operating system (OS) is legitimate.
  • XCCDF (Extensible Configuration Checklist Description Format) - XCCDF (Extensible Configuration Checklist Description Format) is a specification language for writing security checklists, benchmarks and related types of documents.