A
Action - A task identified to be performed by a user to mitigate an incident or issue.
Assessment - The process of collecting and analyzing information related to potential impacts on an organization's technical and business operations.
Assessment Template - A collection of predetermined, reusable sets of questions that can be used within an assessment.
Attestation - A technique used internally within an organization whereby a control owner assesses the effectiveness of risk management and control processes.
Authority - A standard, law, or regulation applicable to your organization, including industry standards, federal, state and local laws, guidelines and standards developed by an external organization, or internal compliance requirements.
B
Breach - A type of issue or incident involving a failure to comply with or non-adherence to an authority.
C
Control - The creation of a process to manage inherent risk (including policies, reviews, training and approvals), which can be administrative, technical or legal in nature.
Control Set - A collection of controls associated with specific responsibilities implemented to comply with a standard, law or regulation, or manage risk.
Corrective Action - A type of issue consisting of a mitigating technique designed to respond to risks, issues or incidents by correcting and closing gaps identified within the organization.
D
Detective Control - A technique designed to recognize occurrences or change in circumstances that may affect operations and alert management when they occur.
I
Impact - Damage, either financial or non-financial, caused by an incident.
Incident - Any event that disrupts or has the potential to disrupt normal business operations, compromise the security or integrity of data, or violate company policies or regulations.
Inherent Risk - The risk level or exposure that exists before any actions, such as the implementation of controls, are taken to mitigate the risk.
Issue - A problem identified in the organization which requires investigation, remediation activities, or preventative measures to be taken.
L
Likelihood - The probability that a risk event will occur during the period being assessed.
M
Metric - A monitoring activity that allows for the definition of goals and tolerances that can be tracked across an organization.
N
Near Miss - An event where the standard control environment fails to detect or prevent an incident from occurring, but the potential impact was averted or did not materialize.
P
Playbook - A list of required steps and actions to successfully respond to a scenario (e.g., Incident or Business Continuity).
Policy - A collection of principles, guidelines or frameworks that are adopted or designed by an organization to achieve long term goals.
Preventative Control - A mitigating technique designed to prevent an issue, error, fraud, or other event from occurring.
Project - A module that allows users to plan and organize work via structured lists of tasks.
Provision - A detailed breakdown of the clauses and requirements outlined and defined by a standard, law or regulation (authority), including any applicable attributes.
Q
Question Based Assessment - A review, structured as a set of questions, conducted to assess operations within an organization.
R
Register - An official list or record set up and used to manage sets of data for an organization such as Assets, Risks, Issues, Gifts and other related data sets.
Requirement Based Assessment - A review conducted to assess operations within an organization in the view of a control set.
Residual Risk - The remaining, potential risk after all control measures are applied to mitigate a risk.
Respondent - A subscriber, either an internal or external (third-party) user, who can receive notifications for a task or action to be performed in the platform.
Risk - A measure of the likelihood that unplanned events will occur in an organization's operations and impact the achievement of its strategy and business objectives.
Risk Appetite - A target level of loss exposure that the organization views as acceptable, given business objectives and resources.
Risk Event - A specific occurrence or incident that has the potential to impact the objectives or operations of an organization. A risk event is often associated with the realization of a particular risk or threat.
Risk Libraries - A collection of pre-defined risks that can be considered relevant to an organization, project or system through a risk review.
Risk Rating - Overall weighting of a risk which is based on a combination of the likelihood and impact of the risk to the organization.
Risk Review - A mechanism used on a frequent basis to re-evaluate the risk environment, risk events and their relative likelihood and impact.
Risk Tolerance - The degree of variance from the organization’s risk appetite that the organization is willing to tolerate.
T
Task - An actionable item assigned to a user that has been created in the platform.
Third-party - A supplier or a customer with which an organization has an agreement to provide a product directly to the organization's customers or to the organization itself.
Trust Portal - A portal for an organization to share self-assessments and policies with external stakeholders.