Compliance Management Definitions

  • A

    access list (AL)

    An access list (AL) is a list of permissions used in physical and information technology (IT) security to control who is allowed contact with a corporate asset.  The asset can be a building, a room or a computer file. 

  • agreed-upon procedures (AUP)

    Agreed-upon procedures are the standards a company or client outlines when it hires an external party to perform an audit on specific tests or business processes and then report on the results.

  • AICPA (American Institute of Certified Public Accountants)

    The AICPA (American Institute of Certified Public Accountants) is a member association for the accounting profession that sets ethical standards for accountants, as well as U.S. auditor standards for private companies, nonprofit organizations and the government.

  • Altman Z-score

    The Altman Z-score is a statistic that is useful for evaluating the financial health of a publicly traded manufacturing company. 

  • audit log (AL)

    An audit log is a document that records an event in an information technology (IT) system.

  • audit program (audit plan)

    An audit program, also called an audit plan, is an action plan that documents what procedures an auditor will follow to validate that an organization is in conformance with compliance regulations.

  • autoclassification

    Autoclassification is an intelligent technology found in some content management systems (CMS) wherein documents are scanned and automatically assigned categories and keywords based on the content within the documents.

  • B

    Basel Committee on Banking Supervision (BCBS)

    The Basel Committee on Banking Supervision (BCBS) is a group of international banking authorities who work to strengthen the regulation, supervision and practices of banks and improve financial stability worldwide.

  • C

    Center for Internet Security (CIS)

    The Center for Internet Security (CIS) is a nonprofit organization focused on improving public- and private-sector cybersecurity readiness and response.

  • Certified Information Systems Risk and Compliance Professional (CISRCP)

    A Certified Information Systems Risk and Compliance Professional (CISRCP) is a person in the information technology (IT) field who has passed an examination on risk and compliance topics developed by the International Association of Risk and Compliance Professionals (IARCP).

  • chief risk officer (CRO)

    The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory and technological threats to an enterprise's capital and earnings.

  • cloud computing security

    Cloud computing security is the set of control-based technologies and policies designed to adhere to regulatory compliance rules and protect information, data applications and infrastructure associated with cloud computing use.

  • COBIT 5 (Control Objectives for Information and Related Technology 5)

    COBIT 5 is the fifth iteration of a popular framework that's used for managing and governing information technology (IT).

  • Common Criteria Evaluation and Validation Scheme for IT Security (CCEVS)

    Common Criteria Evaluation and Validation Scheme for IT Security (CCEVS) is a program for evaluating IT products' conformance to international IT security standards.

  • compliance audit

    A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines. Independent accounting, security or IT consultants evaluate the strength and thoroughness of compliance preparations. Auditors review security policies, user access controls and risk management procedures over the course of a compliance audit... (Continued)
