
Compliance, risk and governance

This glossary contains definitions related to compliance. Some definitions explain the meaning of words used in compliance regulations. Other definitions are related to the strategies that compliance officers use to mitigate risk and create a manageable compliance infrastructure.

ACC - ENT

  • access governance (AG) - Access governance (AG) is an aspect of information technology (IT) security management that seeks to reduce the risks associated with excessive access rights, inactive users and orphan accounts.
  • access recertification - Access recertification is an information technology (IT) control that involves auditing user access rights to determine if they are correct and adhere to the organization’s internal policies and compliance regulations.
  • accountability - Accountability means being held responsible or answerable for one's actions (or perhaps lack of action where one should have been taken).
  • accounting error - An accounting error is a non-fraudulent discrepancy in financial documentation.
  • agreed-upon procedures (AUP) - Agreed-upon procedures are the standards a company or client outlines when it hires an external party to perform an audit on specific tests or business process and then report on the results.
  • Allscripts - Allscripts is a vendor of electronic health record systems for physician practices, hospitals and healthcare systems.
  • alternative fuel vehicle (AFV) - An alternative fuel vehicle (AFV) is a vehicle that runs on substances other than the conventional petroleum gas and diesel.
  • Amazon Simple Storage Service (Amazon S3) - Amazon Simple Storage Service (Amazon S3) is a scalable, high-speed, web-based cloud storage service.
  • anti-competitive practice - An anti-competitive practice is an action conducted by one or more businesses to make it difficult or impossible for other companies to enter or succeed in their market.
  • antitrust - Antitrust is a group of laws established to regulate business practices in order to ensure that fair competition occurs in an open-market economy for the benefit of consumers.
  • audit log (AL) - An audit log is a document that records an event in an information technology (IT) system.
  • audit program (audit plan) - An audit program, also called an audit plan, is an action plan that documents what procedures an auditor will follow to validate that an organization is in conformance with compliance regulations.
  • Bank Secrecy Act (BSA) - The Bank Secrecy Act (BSA), also known as the Currency and Foreign Transactions Reporting Act, is legislation passed by the United States Congress in 1970 that requires U.
  • Basel Committee on Banking Supervision (BCBS) - The Basel Committee on Banking Supervision (BCBS) is a group of international banking authorities who work to strengthen the regulation, supervision and practices of banks and improve financial stability worldwide.
  • blackout period - A blackout period is a duration of time when access to something usually available is prohibited.
  • business continuity policy - A business continuity policy is a set of standards and guidelines that an organization enforces to ensure resilience and proper risk management.
  • business process outsourcing (BPO) - Business process outsourcing (BPO) is a business practice in which an organization contracts with an external service provider to perform an essential business function or task.
  • business resilience - Business resilience is the ability an organization has to quickly adapt to disruptions while maintaining continuous business operations and safeguarding people, assets and overall brand equity.
  • business sustainability - Business sustainability is the management and coordination of environmental, social and financial demands and concerns to ensure responsible, ethical and ongoing success.
  • Canadian anti-spam legislation (CASL) - Canadian anti-spam legislation (CASL) is legislation that requires marketers and fundraisers that communicate through email, text messages or social media to obtain permission from recipients in that country.
  • Capex (capital expenditure) - A capital expenditure (Capex) is money invested by a company to acquire or upgrade fixed, physical, non-consumable assets, such as buildings and equipment or a new business.
  • CCHIT - Certification Commission for Healthcare Information Technology - The Certification Commission for Healthcare Information Technology (CCHIT) is an independent, not-for-profit group that certifies electronic health records (EHR) and networks for health information exchange (HIE) in the United States.
  • Center for Internet Security (CIS) - The Center for Internet Security (CIS) is a nonprofit organization focused on improving public- and private-sector cybersecurity readiness and response.
  • CERT-In (the Indian Computer Emergency Response Team) - CERT-In (the Indian Computer Emergency Response Team) is a government-mandated information technology (IT) security organization.
  • Certified in the Governance of Enterprise IT (CGEIT) - Certified in the Governance of Enterprise IT (CGEIT) is a vendor-neutral certification for experienced tech professionals looking to expand their knowledge and skills in enterprise information technology (IT) governance.
  • Certified Information Systems Auditor (CISA) - Certified Information Systems Auditor (CISA) is a certification and globally recognized standard for appraising an IT auditor's knowledge, expertise and skill in assessing vulnerabilities and instituting IT controls in an enterprise environment.
  • Certified Information Systems Risk and Compliance Professional (CISRCP) - A Certified Information Systems Risk and Compliance Professional (CISRCP) is a person in the information technology (IT) field that has passed an examination on risk and compliance topics developed by the International Association of Risk and Compliance Professionals (IARCP).
  • chief data officer (CDO) - A chief data officer (CDO) in many organizations is a C-level executive whose position has evolved into a range of strategic data management responsibilities related to the business to derive maximum value from the data available to the enterprise.
  • chief digital officer (CDO) - A chief digital officer (CDO) is charged with helping an enterprise use digital information and advanced technologies to create business value.
  • Chief Privacy Officer (CPO) - A chief privacy officer (CPO) is a corporate executive charged with developing and implementing policies designed to protect customer data from unauthorized access.
  • chief risk officer (CRO) - The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory and technological threats to an enterprise's capital and earnings.
  • chilling effect - The chilling effect is the suppression of free speech and legitimate forms of dissent among a population because of fear of repercussion.
  • CHIME (College of Healthcare Information Management Executives) - The College of Healthcare Information Management Executives (CHIME) is an organization created to serve the professional development needs of CIOs working in the healthcare industry and to promote effective information management within that industry.
  • Class C2 - Class C2 is a security rating established by the U.
  • clean desk policy (CDP) - A clean desk policy (CDP) is a corporate directive that specifies how employees should leave their working space when they leave the office.
  • clinical decision support system (CDSS) - A clinical decision support system (CDSS) is an application that analyzes data to help healthcare providers make decisions and improve patient care.
  • clinical trial - A clinical trial, also known as a clinical research study, is a protocol to evaluate the effects and efficacy of experimental medical treatments or behavioral interventions on health outcomes.
  • cloud audit - A cloud audit is a periodic examination an organization does to assess and document its cloud vendor's performance.
  • COBIT - COBIT is an IT governance framework for businesses wanting to implement, monitor and improve IT management best practices.
  • COBIT 5 - COBIT 5 is the fifth iteration of a popular framework that's used for managing and governing information technology (IT).
  • commercial electronic message (CEM) - A commercial electronic message (CEM) is a communication soliciting business, funding or support for something that is sent through any electronic channel, including email, social media, voicemail, text and instant messages.
  • commercial motor vehicle (CMV) - A commercial motor vehicle (CMV) is any vehicle used to transport goods or passengers for the profit of an individual or business.
  • Committee on Trade and Environment (CTE) - The Committee on Trade and the Environment (CTE) is a group within the World Trade Organization (WTO) tasked with identifying and understanding the balance of environmental concerns against the interests of international trade.
  • competition law - Competition law is the body of legislation intended to prevent market distortion caused by anti-competitive practices on the part of businesses.
  • compliance - Compliance is the state of being in accordance with established guidelines or specifications, or the process of becoming so.
  • compliance audit - A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines.
  • compliance automation - Compliance automation, also known as automated compliance, is a category of software applications that use artificial intelligence (AI) features and technology to simplify compliance procedures.
  • compliance burden - Compliance burden, also called regulatory burden, is the administrative cost of a regulation in terms of dollars, time and complexity.
  • compliance framework - A compliance framework is a structured set of guidelines that details an organization's processes for maintaining accordance with established regulations, specifications or legislation.
  • compliance risk - Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting from its failure to act in accordance with industry laws and regulations, internal policies or prescribed best practices.
  • compliance validation - In compliance, validation is a formal procedure to determine how well an official or prescribed plan or course of action is being carried out.
  • Computer Fraud and Abuse Act (CFAA) - The Computer Fraud and Abuse Act (CFAA) of 1986 is United States legislation that made it a federal crime to access a protected computer without proper authorization.
  • concentration ratio (CR) - A concentration ratio (CR) is a metric used in economics to express the distribution of companies in a particular industry relative to the size of the market.
  • confidentiality - Confidentiality is a set of rules or a promise that limits access or places restrictions on certain types of information.
  • consumer privacy (customer privacy) - Consumer privacy, also known as customer privacy, involves the handling and protection of the sensitive personal information provided by customers in the course of everyday transactions.
  • container (disambiguation) - This page explains how the term container is used in software development, storage, data center management and mobile device management.
  • content services platform - A content services platform is cloud-based SaaS software that enables users to create, share, collaborate on and store text, audio and video content.
  • contingency plan - A contingency plan is a course of action designed to help an organization respond effectively to a significant future incident, event or situation that may or may not happen.
  • Continuity of Care Record (CCR) - The Continuity of Care Record, or CCR, is a standard for the creation of electronic summaries of patient health.
  • control framework - A control framework is a data structure that organizes and categorizes an organization’s internal controls, which are practices and procedures established to create business value and minimize risk.
  • cooperative (co-op) - A cooperative, often shortened to “co-op,” is a business that is owned and operated by and for the benefit of its members.
  • COPPA (Children's Online Privacy Protection Act) - The Children's Online Privacy Protection Act of 1998 (COPPA) is a federal law that imposes specific requirements on operators of websites and online services to protect the privacy of children under 13.
  • copyright - Copyright is a legal term describing ownership or control of the rights to the use and distribution of certain works of creative expression, including books, video, motion pictures, musical compositions and computer programs.
  • corporate activism - Corporate activism is a public stance taken by a large enterprise to positively impact social change or legislation.
  • corporate governance - Corporate governance is the combination of rules, processes or laws by which businesses are operated, regulated or controlled.
  • corporate performance - Corporate performance is a composite assessment of how well an organization executes on its most important parameters, typically financial, market and shareholder performance.
  • corporate social responsibility (CSR) - Corporate social responsibility is an umbrella term used to describe voluntary corporate initiatives concerned with community development, the environment and human rights.
  • COSO Framework - The COSO Framework is a system used to establish internal controls to be integrated into business processes.
  • critical infrastructure - Critical infrastructure is the body of systems, networks and assets that are so essential that their continued operation is required to ensure the security of a given nation, its economy, and the public’s health and/or safety.
  • data breach - A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed or disclosed in an unauthorized fashion.
  • data classification - Data classification is the process of organizing data into categories that make it easy to retrieve, sort and store for future use.
  • data compliance - Data compliance is a process that identifies the applicable governance for data protection, security, storage and other activities and establishes policies, procedures and protocols ensuring data is fully protected from unauthorized access and use, malware and other cybersecurity threats.
  • data lifecycle management (DLM) - Data lifecycle management (DLM) is a policy-based approach to managing the flow of an information system's data throughout its lifecycle: from creation and initial storage to when it becomes obsolete and is deleted.
  • data masking - Data masking is a method of creating a structurally similar but inauthentic version of an organization's data that can be used for purposes such as software testing and user training.
  • data privacy (information privacy) - Data privacy, also called information privacy, is an aspect of data protection that addresses the proper storage, access, retention, immutability and security of sensitive data.
  • data protection impact assessment (DPIA) - A data protection impact assessment (DPIA) is a process designed to help organizations determine how data processing systems, procedures or technologies affect individuals’ privacy and eliminate any risks that might violate compliance.
  • data protection management (DPM) - Data protection management (DPM) comprises the administration, monitoring and management of backup processes to ensure backup tasks run on schedule and data is securely backed up and recoverable.
  • data sovereignty - Data sovereignty is the concept that information which has been converted and stored in binary digital form is subject to the laws of the country in which it is located.
  • Digital Millennium Copyright Act (DMCA) - The Digital Millennium Copyright Act (DMCA) is a controversial United States digital rights management (DRM) law enacted October 28, 1998 by then-President Bill Clinton.
  • direct digital marketing (DDM) - Direct digital marketing (DDM) is the electronic delivery of relevant communications to specific recipients.
  • disaster recovery plan (DRP) - A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident.
  • discovery mailbox - A discovery mailbox is used to perform e-discovery searches for Exchange Server and Exchange Online environments.
  • disk image - A disk image is a copy of the entire contents of a storage device, such as a hard drive, DVD, or CD.
  • document capture - Document capture is any one of several processes used to convert a physical document to another format, typically a digital representation.
  • document sanitization - In addition to making sure the document text doesn’t openly divulge anything it shouldn’t, document sanitization includes removing document metadata that could pose a privacy or security risk.
  • Dodd-Frank Act - The Dodd-Frank Act (fully known as the Dodd-Frank Wall Street Reform and Consumer Protection Act) is a United States federal law that places regulation of the financial industry in the hands of the government.
  • Dossia - Dossia is a Web-based framework for storing and managing personal health records (PHR).
  • due process - Due process is a legal principle designed to protect the rights of citizens to fair treatment at the hands of the government.
  • e-prescribing (electronic prescribing) - E-prescribing, or electronic prescribing, is a technology framework that allows physicians and other medical practitioners to write and send prescriptions to a participating pharmacy electronically instead of using handwritten or faxed notes or calling in prescriptions.
  • e-prescribing (eRx) incentive program - The Electronic Prescribing (eRx) Incentive Program is a US government program that provides financial incentives to physicians, practitioners and therapists who meet certain criteria for the use of qualified e-prescribing systems.
  • EDRM (electronic discovery reference model) - The Electronic Discovery Reference Model (EDRM) is a framework that outlines standards for the recovery and discovery of digital data.
  • Electronic Commerce (EC Directive) Regulations 2002 - The Electronic Commerce (EC Directive) Regulations 2002 establish legal rules that online retailers and service providers must comply with when dealing with consumers in the 27 member countries of the European Union (EU).
  • Electronic Communications Privacy Act (ECPA) - The Electronic Communications Privacy Act (ECPA) is a United States federal statute that prohibits a third party from intercepting or disclosing communications without authorization.
  • Electronic Signatures in Global and National Commerce Act (e-signature bill) - The Electronic Signatures in Global and National Commerce Act (often referred to as the e-signature bill) specifies that in the United States, the use of a digital signature is as legally valid as a traditional signature written in ink on paper.
  • electronically stored information (ESI) - Electronically stored information (ESI) is data created, altered, communicated and stored in digital form.
  • encryption key management - Encryption key management is the administration of tasks involved with protecting, storing, backing up and organizing encryption keys.
  • Encyclopedia of Ethical Failure (EEF) - The Encyclopedia of Ethical Failure (EEF) is a series of case studies that illustrates poor judgement on the part of United States federal employees.