Action - A task that has been identified to be performed by a user to mitigate an incident or issue.
Assessment - The process of collecting information related to, and analysing, the potential impacts on the technical and business operations that an organization may encounter.
Assessment Template - A pre-determined, reusable set of questions that can be used within an assessment.
Attestation - A technique used to internally assess the effectiveness of risk management and control processes by a control owner.
Authority - A global standard, law or regulation for organizations that are legislated, regulated or choose to opt in to certain standards.
Breach - A type of issue or incident involving failure to comply with, or non-adherence to, internal policies or industry or organizational standards, including non-compliance with a law, regulation, relevant industry code or any obligation that requires reporting.
Control - The creation of a process to manage inherent risk (including policies, reviews, training and approvals), which can be administrative, technical or legal in nature.
Control Set - A collection of controls that are associated with specific responsibilities that are implemented to comply with a standard, law or regulation or manage risk.
Corrective Action - A type of issue recording a mitigating technique designed to respond to risks, issues or incidents in order to appropriately correct and close gaps identified within the organization.
Detective Control - A mitigating technique designed to recognize an occurrence or change in circumstances that may affect operations and alert management when this occurs.
Impact - The damage to both financial and non-financial aspects a risk event would cause if it materialized.
Incident - A circumstance or event that could lead to or has created a financial and/or non-financial impact, unintended exposure or outcome as a result of inadequate or failed internal processes, people, systems or from an external event.
Inherent Risk - The risk level or exposure that exists before any actions (e.g., implementing controls) are taken to mitigate the risk.
Issue - A problem identified in the organization which requires investigation, remediation activities or preventative measures to be taken.
Likelihood - The probability or percentage chance that a risk event will occur during the period being assessed.
Metric - A type of monitoring activity that allows users to define goals and set tolerances that can be tracked across an organization.
Near Miss - A type of issue or incident in which the standard control environment fails to detect or prevent an event from occurring, but the impact is prevented or no impact results.
Playbook - A list of required steps and actions to successfully respond to a scenario (e.g., Incident or Business Continuity).
Policy - A collection of principles, guidelines or frameworks that are adopted or designed by an organization to achieve long term goals.
Preventative Control - A mitigating technique designed to prevent an issue, error, fraud, or other event from occurring.
Project - A module that allows users to plan and organize work via structured lists of tasks.
Provision - A detailed breakdown of the clause and requirements outlined and defined by a standard, law or regulation (authority) including any applicable attributes.
Question Based Assessment - A review conducted to assess operations within an organization using a set of questions.
Register - An official list or record set up and used to manage sets of data for an organization such as Assets, Risks, Issues, Gifts and other related data sets.
Requirement Based Assessment - A review conducted to assess operations within an organization against a control set.
Residual Risk - The remaining, potential risk after all control measures are applied to mitigate a risk.
Respondent - A subscriber, either an internal or an external (third-party) user, who can receive notifications for a task or action to be performed in the platform.
Risk - A measure of the likelihood that unplanned events affecting an organization’s operations will occur and impact the achievement of strategy and business objectives.
Risk Appetite - A target level of loss exposure that the organization views as acceptable, given business objectives and resources.
Risk Libraries - A collection of pre-defined risks that can be considered relevant to an organization, project or system through a risk review.
Risk Rating - Overall weighting of a risk which is based on a combination of the likelihood and impact of the risk to the organization.
Risk Review - A mechanism used on a frequent basis to re-evaluate the risk environment, risk events and their relative likelihood and impact.
Risk Tolerance - The degree of variance from the organization’s risk appetite that the organization is willing to tolerate.
Task - An actionable item assigned to a user that has been created in the platform.
Third-party - A supplier or a customer that an organization has an agreement with to provide a product directly to the organization’s customers or to the organization itself.
Trust Portal - A portal for an organization to share self-assessments and policies with external stakeholders.