Glossary

A

Action - A task identified to be performed by a user to mitigate an incident or issue.

Assessment - The process of collecting and analyzing information related to potential impacts on an organization's technical and business operations.

Assessment Template - A collection of predetermined and leverageable sets of questions that can be used within an assessment.

Attestation - A technique used internally within an organization to assess the effectiveness of risk management and control processes by a control owner.

Authority - A standard, law, or regulation applicable to your organization, including industry standards, federal, state and local laws, guidelines and standards developed by an external organization, or internal compliance requirements.

B

Breach - A type of issue or incident involving a failure to comply with or non-adherence to an authority.

C

Control - The creation of a process to manage inherent risk (including policies, reviews, training and approvals), which can be administrative, technical or legal in nature. 

Control Set - A collection of controls associated with specific responsibilities implemented to comply with a standard, law or regulation, or manage risk.  

Corrective Action - A type of issue representing a mitigating technique designed to respond to risks, issues or incidents in order to correct and close gaps identified within the organization.

D

Detective Control - A technique designed to recognize occurrences or change in circumstances that may affect operations and alert management when they occur.  

I

Impact - Damage, either financial or non-financial, caused by an incident.

Incident - Any event that disrupts or has the potential to disrupt normal business operations, compromise the security or integrity of data, or violate company policies or regulations. 

Inherent Risk - The risk level or exposure that exists before any actions, such as the implementation of controls, are taken to mitigate the risk. 

Issue - A problem identified in the organization which requires investigation, remediation activities, or preventative measures to be taken.   

L

Likelihood - The probability that a risk event will occur during the period being assessed. 

M

Metric - A monitoring activity that allows for the definition of goals and tolerances that can be tracked across an organization. 

N

Near Miss - An event where the standard control environment fails to detect or prevent an incident from occurring, but the potential impact was prevented or did not result. 

P

Playbook - A list of required steps and actions to successfully respond to a scenario (e.g., Incident or Business Continuity).  

Policy - A collection of principles, guidelines or frameworks that are adopted or designed by an organization to achieve long term goals. 

Preventative Control - A mitigating technique designed to prevent an issue, error, fraud, or other event from occurring. 

Project - A module that allows users to plan and organize work via structured lists of tasks. 

Provision - A detailed breakdown of the clause and requirements outlined and defined by a standard, law or regulation (authority) including any applicable attributes. 

Q

Question Based Assessment - A review, structured as a set of questions, conducted to assess operations within an organization.

R

Register - An official list or record set up and used to manage sets of data for an organization such as Assets, Risks, Issues, Gifts and other related data sets. 

Requirement Based Assessment - A review conducted to assess operations within an organization against a control set.

Residual Risk - The remaining, potential risk after all control measures are applied to mitigate a risk.

Respondent - A subscriber, either an internal or external (third-party) user, who can receive notifications for a task or action to be performed in the platform.

Risk - A measure of the likelihood that unplanned events affecting an organization's operations will occur and impact the achievement of strategy and business objectives.

Risk Appetite - A target level of loss exposure that the organization views as acceptable, given business objectives and resources. 

Risk Event - A specific occurrence or incident that has the potential to impact the objectives or operations of an organization. A risk event is often associated with the realization of a particular risk or threat.

Risk Libraries - A collection of pre-defined risks that can be considered relevant to an organization, project or system through a risk review. 

Risk Rating - Overall weighting of a risk which is based on a combination of the likelihood and impact of the risk to the organization. 

Risk Review - A mechanism used on a frequent basis to re-evaluate the risk environment, risk events and their relative likelihood and impact. 

Risk Tolerance - The degree of variance from the organization’s risk appetite that the organization is willing to tolerate. 

T

Task - An actionable item assigned to a user that has been created in the platform. 

Third-party - A supplier or a customer that an organization has an agreement with to provide a product directly to the organization's customers or to the organization itself.

Trust Portal - A portal for an organization to share self-assessments and policies with external stakeholders.