Taxonomy



A

Action - A task assigned to a user to mitigate an incident or issue.

Assessment - The process of collecting information about, and analysing, the potential impacts on technical and business operations that an organization may encounter.

Assessment Template - A pre-defined, reusable set of questions that can be used within an assessment.

Attestation - A technique by which a control owner internally assesses and formally confirms the effectiveness of the risk management and control processes they own. (This is the governance sense of the term, distinct from cryptographic or remote attestation of a device or platform.)

Authority - A standard, law or regulation that an organization is subject to by legislation or regulation, or to which it chooses to opt in.


B

Breach - A type of issue or incident in which internal policies, industry or organizational standards, law, regulation, a relevant industry code or any obligation that requires reporting has not been complied with or adhered to. Note that this is the compliance sense of the term rather than the data-breach sense.


C

Control - A process or measure (including policies, reviews, training and approvals) put in place to manage inherent risk. Controls can be administrative, technical or legal in nature.

Control Set - A collection of controls, grouped by the responsibilities they cover, that is implemented to comply with a standard, law or regulation or to manage risk.

Corrective Action - A type of issue record that captures a mitigating technique designed to respond to a risk, issue or incident by correcting and closing gaps identified within the organization.


D

Detective Control - A mitigating technique designed to recognize an occurrence or change in circumstances that may affect operations (for example, log monitoring and alerting) and to alert management when it occurs.


I

Impact - The damage to both financial and non-financial aspects a risk event would cause if it materialized. 

Incident - A circumstance or event that has created, or could lead to, a financial and/or non-financial impact, unintended exposure or outcome, resulting from inadequate or failed internal processes, people or systems, or from an external event.

Inherent Risk - The risk level or exposure that exists before any actions (e.g., implementing controls) are taken to mitigate the risk. 

Issue - A problem identified in the organization that requires investigation, remediation activities or preventative measures to be taken.


L

Likelihood - The probability (expressed as a likelihood band or a percentage) that a risk event will occur during the period being assessed.


M

Metric - A type of monitoring activity that allows users to define goals and set tolerances that can be tracked across an organization.


N

Near Miss - A type of issue or incident in which the standard control environment fails to detect or prevent an event, but the impact is prevented or no impact results.


P

Playbook - A list of required steps and actions to successfully respond to a scenario (e.g., Incident or Business Continuity).  

Policy - A collection of principles, guidelines or frameworks that are adopted or designed by an organization to achieve long term goals. 

Preventative Control - A mitigating technique designed to prevent an issue, error, fraud, or other event from occurring. 

Project - A module that allows users to plan and organize work via structured lists of tasks. 

Provision - A detailed breakdown of the clauses and requirements defined by a standard, law or regulation (authority), including any applicable attributes.


Q

Question Based Assessment - A review of an organization's operations conducted by answering a set of questions (typically drawn from an assessment template).


R

Register - An official list or record set up and used to manage a data set for an organization, such as Assets, Risks, Issues, Gifts and other related data sets.

Requirement Based Assessment - A review of an organization's operations conducted against a control set, i.e. by checking each requirement of that set.

Residual Risk - The remaining, potential risk after all control measures are applied to mitigate a risk.  

Respondent - A subscriber, either an internal user or an external (third-party) user, who can receive notifications for a task or action to be performed in the platform.

Risk - A measure of the likelihood that unplanned events will affect an organization's operations and impact the achievement of its strategy and business objectives.

Risk Appetite - A target level of loss exposure that the organization views as acceptable, given business objectives and resources. 

Risk Libraries - A collection of pre-defined risks that may be relevant to an organization, project or system, selected through a risk review.

Risk Rating - Overall weighting of a risk which is based on a combination of the likelihood and impact of the risk to the organization. 

Risk Review - A mechanism used periodically to re-evaluate the risk environment, the risk events and their relative likelihood and impact.

Risk Tolerance - The degree of variance from the organization’s risk appetite that the organization is willing to tolerate. 
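The R-section terms above (Risk Rating as a combination of Likelihood and Impact, Inherent Risk before controls, Residual Risk after controls, Risk Appetite and Risk Tolerance) are easiest to see as a small scoring model. The following is an added worked example, not code from the taxonomy or from any platform it describes. The 5x5 scales, the multiplicative rating, the rating bands, and the assumption that a preventative control reduces likelihood while a detective control reduces impact are illustrative choices; a real programme substitutes its own scales and control-effectiveness model.

```python
"""Added example: a minimal risk-scoring model using the taxonomy's terms.

Assumptions (not from the taxonomy): 5-point Likelihood and Impact scales,
Risk Rating = likelihood x impact, preventative controls reduce likelihood,
detective controls reduce impact, and each reduction is a fraction 0..1.
"""
from dataclasses import dataclass, field

# Assumed 5-point scales for Likelihood and Impact.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


def risk_rating(likelihood: str, impact: str) -> int:
    """Risk Rating: overall weighting combining likelihood and impact (assumed product)."""
    return LIKELIHOOD[likelihood] * IMPACT[impact]


def rating_band(score: float) -> str:
    """Assumed bands over a 1..25 score."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


@dataclass
class Control:
    name: str
    kind: str           # "preventative" or "detective" (see the P and D sections)
    effectiveness: float  # assumed fractional reduction, 0.0 (none) .. 1.0 (total)


@dataclass
class Risk:
    name: str
    likelihood: str
    impact: str
    controls: list = field(default_factory=list)

    def inherent(self) -> int:
        """Inherent Risk: the rating before any control is applied."""
        return risk_rating(self.likelihood, self.impact)

    def residual(self) -> float:
        """Residual Risk: the rating after all controls are applied.

        Assumed model: preventative controls scale likelihood down, detective
        controls scale impact down; neither dimension drops below 1.
        """
        like = float(LIKELIHOOD[self.likelihood])
        imp = float(IMPACT[self.impact])
        for c in self.controls:
            if c.kind == "preventative":
                like *= 1.0 - c.effectiveness
            elif c.kind == "detective":
                imp *= 1.0 - c.effectiveness
            else:
                raise ValueError(f"unknown control kind: {c.kind}")
        return max(1.0, like) * max(1.0, imp)


def appetite_status(residual: float, appetite: float, tolerance: float) -> str:
    """Compare a residual rating with Risk Appetite (target acceptable level)
    and Risk Tolerance (the variance above appetite the organization accepts)."""
    if residual <= appetite:
        return "within appetite"
    if residual <= appetite + tolerance:
        return "within tolerance"
    return "exceeds tolerance"


def example_risk() -> Risk:
    """Constructed sample register entry used for the worked example."""
    return Risk(
        name="Exploitation of an unpatched internet-facing server",
        likelihood="likely",
        impact="major",
        controls=[
            Control("Patch management SLA", "preventative", 0.5),
            Control("Alerting on exploit indicators", "detective", 0.25),
        ],
    )


if __name__ == "__main__":
    r = example_risk()
    print(f"{r.name}")
    print(f"  inherent: {r.inherent()} ({rating_band(r.inherent())})")
    print(f"  residual: {r.residual():.1f} ({rating_band(r.residual())})")
    # Appetite 6 with tolerance 3 are assumed values for the example.
    print(f"  status:   {appetite_status(r.residual(), appetite=6, tolerance=3)}")
```

For the constructed entry, inherent risk is 4 x 4 = 16 (high); the preventative control halves likelihood to 2 and the detective control cuts impact to 3, giving a residual of 6 (low), which sits within an assumed appetite of 6. The point to take from it is that Residual Risk is a derived value that a Risk Review should recompute whenever a control's effectiveness changes, rather than a number entered once.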


T

Task - An actionable item assigned to a user that has been created in the platform. 

Third-party - A supplier or customer with which an organization has an agreement to provide a product or service, either directly to the organization's customers or to the organization itself.

Trust Portal - A portal for an organization to share self-assessments and policies with external stakeholders.