
Glossary

This article contains a list of terms used throughout the 6clicks platform along with their corresponding definitions


A

Action – A task identified to be performed by a user to address or manage a risk, issue, or incident. Actions can be in the form of control responsibilities, issue actions, or event treatment plan actions.

Advisor – A professional who offers expert advice and recommendations to organizations on effectively managing governance, risk management and compliance processes

Assessment – The process of collecting and analyzing information related to potential impacts on an organization's technical and business operations

Assessment builder – Enables users to create assessments tailored to their specific requirements, including adding respondents, setting due dates, generating reports, and more

Assessment owner – The person or group responsible for managing the assessment process within an organization

Assessment template – A collection of predetermined sets of questions that can be used within an assessment

Asset – Anything valuable to an organization, such as people, computing devices, IT systems, cloud resources, software, and peripheral devices

Attestation – A technique used internally within an organization to assess the effectiveness of risk management and control processes by a control owner

Authority – A standard, law, or regulation applicable to your organization, including industry standards, guidelines, and federal, state, or local laws developed by an external organization, as well as internal compliance requirements

Automation – The process of sending follow-up assessments to respondents based on their initial assessment results

B

Breach – A type of issue or incident involving a failure to comply with or non-adherence to an authority

C

Common cause – An underlying reason or event that can trigger a risk. It acts as a risk trigger, such as an event, action, or change in conditions that leads to a risky situation. Examples of common causes of risk include consistent delays in obtaining approvals, poor effort estimation, chronic under-resourcing of teams, equipment failure, planning errors, and miscommunication.

Completed (regarding assessment) – The status of an assessment updates to Completed when the respondents submit the assessment

Content Library – A repository where organizations can access standardized and customizable content such as assessment templates, control sets, authorities, projects and playbooks, and much more

Control – A measure or mechanism established to manage inherent risk, encompassing processes, policies, reviews, training, and approvals. Controls can be administrative, technical, or legal in nature.

Control set – A collection of controls associated with specific responsibilities implemented to comply with a standard, law, or regulation, or manage risk

Corrective action – A specific type of action implemented to address the root cause of identified risks, issues, or incidents in order to eliminate non-conformities and close compliance gaps.

D

Detective control – A control designed to recognize occurrences or changes in circumstances that may affect operations and alert management when they occur

Domain – An area within an organization, project, or system where potential risks exist and need to be identified, analyzed, and managed

H

Hub – The hub provides a centralized 'parent' team, which oversees 'child' teams called spokes

I

Impact – Damage, either financial or non-financial, caused by an incident

Incident – Any event that disrupts or has the potential to disrupt normal business operations, compromise the security or integrity of data, or violate company policies or regulations

Inherent risk – The risk level or exposure that exists before any actions, such as the implementation of controls, are taken to mitigate the risk

Integration – A capability to connect and work seamlessly with other software systems or applications. Connectors supported by 6clicks include Zapier, ServiceNow, Jira and Developer API

Issue – A problem identified in the organization that requires investigation, remediation activities, or preventative measures to be taken

L

Launchpad – A pop-out that provides access to getting-started instructions and links to knowledge base articles for different 6clicks use cases

Likelihood – The probability that a risk event will occur during the period being assessed

M

Metric – A quantifiable measurement or indicator used to assess, track, and evaluate performance, progress, or effectiveness within an organization

N

Near miss – An event in which the standard control environment fails to detect or prevent an incident from occurring, but the potential impact is averted or does not materialize as predicted

P

Playbook – A list of required steps and actions to successfully respond to a scenario such as an incident

Policy – A collection of principles, guidelines, or frameworks that are adopted or designed by an organization to achieve its long-term goals

Preventative control – A control designed to prevent an issue, error, fraud, or other event from occurring

Project – A set of coordinated activities, tasks, and resources aimed at achieving specific objectives within defined scope, quality, time, and cost constraints

Provision – A detailed breakdown of the clause and requirements outlined and defined by a standard, law, or regulation (authority) including any applicable attributes

Published (regarding assessment) – The status of an assessment changes to Published when an assessor has made the necessary changes and publishes the assessment

Q

Question-Based Assessment (QBA) – A review conducted to assess various aspects of operations within an organization using a structured set of questions designed to gather specific information

R

Register – An official list or record set up and used to manage sets of data for an organization such as assets, risks, issues, and other related data sets

Requirement-Based Assessment (RBA) – A review conducted to assess various aspects of operations within an organization based on its compliance with specific provisions in an authority

Residual risk – The potential risk that remains after all applicable controls or mitigation measures have been implemented

Respondent – A subscriber, who can be either an internal or external (third-party) user, capable of receiving notifications for tasks or actions to be performed on the platform

Responsibility – A duty or obligation linked to controls and assigned to individuals or groups to ensure the implementation or completion of specific actions or tasks. Responsibilities can be one-off or recurring tasks

Risk – A measure of the likelihood that unplanned events will occur in an organization's operations and affect the achievement of its strategy and business objectives

Risk appetite – A target level of loss exposure that the organization views as acceptable, given business objectives and resources

Risk domain – A specific area or category of risk within an organization, such as the Financial and Compliance risk domains

Risk event – A specific occurrence or incident that has the potential to impact the objectives or operations of an organization. A risk event is often associated with the realization of a particular risk or threat.

Risk libraries – Collections of pre-defined risks that can be considered relevant to an organization, project, or system through a risk review

Risk matrix – A tool used to provide a visual representation of the relationship between the likelihood and potential impact of a particular risk

Risk rating – Overall weighting of a risk which is based on a combination of the likelihood and impact of the risk to the organization

Risk review – A mechanism used on a frequent basis to re-evaluate an organization's risk environment, risk events, and their relative likelihood and impact

Risk tolerance – The degree of variance from the organization’s risk appetite that the organization is willing to tolerate

Risk treatment plan – A set of corrective actions identified and implemented by an organization to prevent, accept, mitigate, or transfer risks

Risk workflow – A predefined sequence of activities established by an organization to guide the systematic identification, assessment, treatment, and management of risks throughout their lifecycle

S

Spoke – Typically represents a team, department, service line, business, or entity that runs a GRC program and requires some level of separation and autonomy

T

Tags – Provide a powerful way to connect different records related to a task, project, or research activity, making it easier to organize and manage information effectively

Task – An actionable item assigned to a user that has been created in the platform

Third-party – An external entity, such as a supplier, vendor, or service provider, with whom an organization has an agreement to deliver goods, services, or support directly to the organization or its customers

Threat – Any potential event or circumstance that could disrupt or negatively impact an organization's operations, objectives, or reputation

Trust Portal – An online portal for sharing self-assessments and policies with external stakeholders

V

Vulnerability – A weakness or flaw within an organization's systems, infrastructure, or operations that could be exploited by threat actors and lead to potential harm, loss, or damage to assets, data, or operations