Glossary

This article lists the terms used throughout the 6clicks platform, together with their definitions.

A

Action – A task identified to be performed by a user to address or manage a risk, issue, or incident. Actions can be in the form of control responsibilities, issue actions, or event treatment plan actions.

Advisor – A professional who offers expert advice and recommendations to organizations on effectively managing governance, risk management, and compliance processes.

Assessment – The process of collecting and analyzing information related to potential impacts on an organization's technical and business operations.

Assessment builder – Enables users to create assessments tailored to their specific requirements, including adding respondents, setting due dates, generating reports, and more.

Assessment owner – The person or group responsible for managing the assessment process within an organization.

Assessment template – A collection of predetermined sets of questions that can be used within an assessment.

Asset – Anything valuable to an organization, such as people, computing devices, IT systems, cloud resources, software, and peripheral devices.

Attestation – A technique used internally within an organization to assess the effectiveness of risk management and control processes by a control owner.

Authority – A standard, law, or regulation applicable to your organization, including industry standards, guidelines, and federal, state, or local laws developed by an external organization, as well as internal compliance requirements.

Automation – The process of sending follow-up assessments to respondents based on their initial assessment results.

B

Breach – A type of issue or incident involving a failure to comply with or non-adherence to an authority.

C

Completed (regarding assessment) – The status of an assessment changes to Completed when the respondents submit the assessment.

Content Library – A repository where organizations can access standardized and customizable content such as assessment templates, control sets, authorities, projects and playbooks, and much more.

Control – A measure or mechanism established to manage inherent risk, encompassing processes, policies, reviews, training, and approvals. Controls can be administrative, technical, or legal in nature.

Control set – A collection of controls, associated with specific responsibilities, implemented to comply with a standard, law, or regulation, or to manage risk.

Corrective action – A specific type of action implemented to address the root cause of identified risks, issues, or incidents in order to eliminate non-conformities and close compliance gaps.

D

Detective control – A control designed to recognize occurrences or changes in circumstances that may affect operations and alert management when they occur.

Domain – An area within an organization, project, or system where potential risks exist and need to be identified, analyzed, and managed.

H

Hub – The hub provides a centralized 'parent' team, which oversees a number of 'child' teams called spokes.

I

Impact – Damage, either financial or non-financial, caused by an incident.

Incident – Any event that disrupts or has the potential to disrupt normal business operations, compromise the security or integrity of data, or violate company policies or regulations.

Inherent risk – The risk level or exposure that exists before any actions, such as the implementation of controls, are taken to mitigate the risk.

Integration – A capability to connect and work seamlessly with other software systems or applications. Connectors supported by 6clicks include Zapier, ServiceNow, Jira, and the Developer API.

Issue – A problem identified in the organization that requires investigation, remediation activities, or preventative measures to be taken.

L

Launchpad – A pop-out panel that provides access to getting-started instructions and links to knowledge base articles for different 6clicks use cases.

Likelihood – The probability that a risk event will occur during the period being assessed.

M

Metric – A quantifiable measurement or indicator used to assess, track, and evaluate performance, progress, or effectiveness within an organization. 

N

Near miss – An event where the standard control environment fails to detect or prevent an incident from occurring, but the potential impact was prevented or did not materialize as predicted.

P

Playbook – A list of required steps and actions to successfully respond to a scenario such as an incident.

Policy – A collection of principles, guidelines, or frameworks that are adopted or designed by an organization to achieve its long-term goals.

Preventative control – A control designed to prevent an issue, error, fraud, or other event from occurring.

Project – A set of coordinated activities, tasks, and resources aimed at achieving specific objectives within defined scope, quality, time, and cost constraints.

Provision – A detailed breakdown of the clauses and requirements outlined and defined by a standard, law, or regulation (authority), including any applicable attributes.

Published (regarding assessment) – The status of an assessment changes to Published when an assessor has made the necessary changes and publishes the assessment.

Q

Question-Based Assessment (QBA) – A review conducted to assess various aspects of operations within an organization using a structured set of questions designed to gather specific information.

R

Register – An official list or record set up and used to manage sets of data for an organization such as assets, risks, issues, and other related data sets. 

Requirement-Based Assessment (RBA) – A review conducted to assess various aspects of operations within an organization based on its compliance with specific provisions in an authority.

Residual risk – The potential risk that remains after all applicable controls or mitigation measures have been implemented.

Respondent – A subscriber, either an internal or external (third-party) user, who can receive notifications for tasks or actions to be performed on the platform.

Responsibility – A duty or obligation linked to controls and assigned to individuals or groups to ensure the implementation or completion of specific actions or tasks. Responsibilities can be one-off or recurring tasks.

Risk – A measure of the likelihood that unplanned events affecting an organization's operations will occur and impact the achievement of its strategy and business objectives.

Risk appetite – A target level of loss exposure that the organization views as acceptable, given business objectives and resources.

Risk domain – A specific area or category of risk within an organization, such as the financial and compliance risk domains.

Risk event – A specific occurrence or incident that has the potential to impact the objectives or operations of an organization. A risk event is often associated with the realization of a particular risk or threat.

Risk libraries – A collection of pre-defined risks that can be considered relevant to an organization, project, or system through a risk review.

Risk matrix – A tool used to provide a visual representation of the relationship between the likelihood and potential impact of a particular risk.

Risk rating – Overall weighting of a risk which is based on a combination of the likelihood and impact of the risk to the organization.

Risk review – A mechanism used on a frequent basis to re-evaluate an organization's risk environment, risk events, and their relative likelihood and impact.

Risk tolerance – The degree of variance from the organization’s risk appetite that the organization is willing to tolerate.

Risk treatment plan – A set of corrective actions identified and implemented by an organization to prevent, accept, mitigate, or transfer risks.

Risk workflow – A predefined sequence of activities established by an organization to guide the systematic identification, assessment, treatment, and management of risks throughout their lifecycle.

S

Spoke – Typically represents a team, department, service line, business, or entity running a GRC program that requires some level of separation and autonomy.

T

Tags – Provide a way to connect different records related to a task, project, or research activity, making it easier to organize and manage information effectively.

Task – An actionable item assigned to a user that has been created in the platform.

Third-party – An external entity, such as a supplier, vendor, or service provider, with whom an organization has an agreement to deliver goods, services, or support directly to the organization or its customers.

Threat – Any potential event or circumstance that could disrupt or negatively impact an organization's operations, objectives, or reputation.

Trust Portal – An online portal for sharing self-assessments and policies with external stakeholders.

V

Vulnerability – A weakness or flaw within an organization's systems, infrastructure, or operations that could be exploited by threat actors and lead to potential harm, loss, or damage to assets, data, or operations.