Governance and compliance Definitions

A

  • audit program (audit plan)

    An audit program, also called an audit plan, is an action plan that documents what procedures an auditor will follow to validate that an organization is in conformance with compliance regulations.

B

  • Basel Committee on Banking Supervision (BCBS)

    The Basel Committee on Banking Supervision (BCBS) is a group of international banking authorities who work to strengthen the regulation, supervision and practices of banks and improve financial stability worldwide.

C

  • Certified Information Systems Risk and Compliance Professional (CISRCP)

    A Certified Information Systems Risk and Compliance Professional (CISRCP) is a person in the information technology (IT) field who has passed an examination on risk and compliance topics developed by the International Association of Risk and Compliance Professionals (IARCP).

  • COBIT 5

    COBIT 5 is the fifth iteration of a popular framework that's used for managing and governing information technology (IT).

  • compliance as a service (CaaS)

    Compliance as a Service (CaaS) is a cloud service level agreement (SLA) that specifies how a managed service provider (MSP) will help an organization meet its regulatory compliance mandates.

  • compliance burden

    Compliance burden, also called regulatory burden, is the administrative cost of a regulation in terms of dollars, time and complexity.

  • compliance framework

    A compliance framework is a structured set of guidelines that details an organization's processes for maintaining accordance with established regulations, specifications or legislation.

  • compliance risk

    Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting from its failure to act in accordance with industry laws and regulations, internal policies or prescribed best practices.

  • conduct risk

    Conduct risk is the prospect of financial loss to an organization that is caused by the actions of an organization's administrators and employees.

  • control framework

    A control framework is a data structure that organizes and categorizes an organization’s internal controls, which are practices and procedures established to create business value and minimize risk.

  • corporate social responsibility (CSR)

    Corporate social responsibility is an umbrella term used to describe voluntary corporate initiatives concerned with community development, the environment and human rights.

D

  • data governance policy

    A data governance policy is a documented set of guidelines for ensuring that an organization's data and information assets are managed consistently and used properly.

G

  • Generally Accepted Recordkeeping Principles (the Principles)

    Generally Accepted Recordkeeping Principles is a framework for managing records in a way that supports an organization's immediate and future regulatory, legal, risk mitigation, environmental and operational requirements.

  • governance, risk management and compliance (GRC)

    Governance, risk and compliance (GRC) refers to an organization's strategy for handling the interdependencies between corporate governance policies, enterprise risk management (ERM) programs, and regulatory and company compliance.

I

  • information governance

    Information governance is a holistic approach to managing corporate information by implementing processes, roles, controls and metrics that treat information as a valuable business asset.

  • IT controls

    An IT control is a procedure or policy that provides a reasonable assurance that the information technology (IT) used by an organization operates as intended, that data is reliable and that the organization is in compliance with applicable laws and regulations.

  • IT Governance Institute (ITGI)

    The IT Governance Institute (ITGI) is an arm of ISACA that provides research, publications and resources on IT governance and related topics.

M

  • mobile governance

    Mobile governance refers to the processes and policies used to manage mobile device access to an organization's network or its data.

P

  • privacy compliance

    Privacy compliance is a company's accordance with established personal information protection guidelines, specifications or legislation.

  • privacy impact assessment (PIA)

    A privacy impact assessment (PIA) is an analysis of how an individual's or groups of individuals' personally identifiable information is collected, used, shared and maintained by an organization.

R

  • regulatory compliance

    Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business processes.

  • risk exposure

    Risk exposure is the quantified potential loss from business activities currently underway or planned.

  • risk intelligence (RQ)

    Risk intelligence (RQ) is a term used to describe predictions made around uncertainties and future threat probabilities.

S

  • Securities and Exchange Act of 1934 (Exchange Act)

    The Securities and Exchange Act of 1934 (Exchange Act) is a law that governs secondary trading and stock exchanges.

  • smart contract

    A smart contract is a decentralized application that executes business logic in response to events.

  • social media policy

    A social media policy (also called a social networking policy) is a corporate code of conduct that provides guidelines for employees who post content on the Internet either as part of their job or as a private person.

U

  • U.S. Department of Homeland Security (DHS)

    The U.S. Department of Homeland Security (DHS) is a federal agency designed to protect the United States against threats.

V

  • VAL IT (value from IT investments)

    VAL IT (value from IT investments) is a framework that outlines governance best practices for information technology-enabled business investments.

  • Video Privacy Protection Act of 1988

    The Video Privacy Protection Act of 1988 is United States legislation that prevents wrongful disclosure of an individual's personally identifiable information stemming from their rental or purchase of audiovisual material, including videotapes, DVDs and video games.

W

  • Whistleblower Protection Act

    The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from retaliatory action for voluntarily disclosing information about dishonest or illegal activities occurring in a government organization.
