Your glossary for risk and compliance

Helpful definitions of all of the terms you need to know to better manage risk and compliance.

AFSL Authorised Representative

An Australian Financial Services Licence (AFSL) Authorised Representative is a person who has been authorised by an AFSL holder to provide financial services..

AICPA

AICPA is the acronym for the American Institute of Certified Public Accountants. The AICPA is the originator of the SOC (System and Organization Controls)..

Annex A Controls

Annex A of the ISO 27001 standard consists of a list of security controls organizations can utilize to improve the security of their information assets. ISO..

ASIC

The Australian Securities and Investments Commission (ASIC) is responsible for licensing financial services providers under the Corporations Act 2001 (Cth) and is..

Attestation of Compliance (AOC)

The Attestation of Compliance is the formal validation document used to demonstrate an entity’s compliance status to interested external parties (Banks,..

Business Continuity Management

Business continuity management is the ongoing process for management to oversee and implement resilience, continuity, and response capabilities to safeguard..

Compliance Automation Software

Compliance automation software monitors a company's internal systems and controls, helping ensure it complies with required standards and regulations while..

Compliance Risk Management

Compliance risk management, which is a subset of compliance management, involves identifying, assessing, and monitoring the risks to your enterprise's..

Cybersecurity Maturity Model Certification (CMMC)

The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base (DIB), which..

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) is a US specific government program that provides a standardised approach to security..

Governance Risk & Compliance (GRC)

Governance, risk, and compliance (GRC) software allows a company to effectively manage its governance, enterprise risk program, and its compliance with..

GDPR

The General Data Protection Regulation (GDPR) 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic..

HIPAA

HIPAA is the acronym for the Health Insurance Portability and Accountability Act passed by Congress in 1996. HIPAA helps by:

  • Providing the ability to transfer..

HITRUST

HITRUST stands for the Health Information Trust Alliance and was founded in 2007. The standard was organised with the intent to provide an option for..

Incident Management

Incident management is the process of managing the activities used to detect, analyse, respond to, and remediate incidents that affect an organisation's security posture.

Information Security Management System (ISMS)

An Information Security Management System, also known as an ISMS, is a systematic approach consisting of processes, technology and people that helps you..

ISMS Governing Body

An ISMS governing body is an organizational governance team with management oversight, composed of key members of top management—typically defined as senior..

ISO 27001

ISO/IEC 27001 is a framework for managing IT security. ISO 27001 is an information security management system (ISMS) that helps keep consumer data safe, and..

Notifiable Data Breach

Under the Australian Notifiable Data Breaches (NDB) scheme by the OAIC, an organisation or agency must notify an individual and OAIC when a data breach..

OAIC

The Office of the Australian Information Commissioner (OAIC) is an independent agency within the Attorney-General’s portfolio. The primary functions include..

Policy Management

Policy management is the process of creating, implementing and maintaining policies and procedures within an organisation. An effective policy management..

SOC 1

A Service Organization Control 1 or SOC 1 report is documentation of the internal controls that are likely to be relevant to an audit of a customer's financial..

SOC 2

Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five "trust service criteria" — security,..

SOC 3

You can think of a SOC 3 report as a redacted SOC 2 report; the SOC 3 report summarizes the material of a SOC 2 report, but it excludes details of the testing..

SOC Reports

A service organization controls (SOC) report is a way to verify that an organization is following specific best practices related to protecting their clients'..

SOC Trust Services Criteria (TSC)

The Trust Services Criteria (formerly Trust Services Principles) are control criteria utilized to evaluate and report on the suitability of the design and..

SSAE 16

The Statement on Standards for Attestation Engagements No. 16 (SSAE 16) is a set of auditing standards and guidance published by the Auditing Standards Board..

SSAE 18

SSAE 18 is a series of enhancements aimed at increasing the usefulness and quality of SOC reports, and it now supersedes SSAE 16. The changes made to the standard this..

Third Party Risk Management

Third-party risk management is the process of analysing and monitoring risks associated with outsourcing to third-party vendors, suppliers or service..

Vendor Assessment

Vendor assessment describes an organization's program of assessing its vendors' management of that organization's information, and whether vendors are..

Vendor Management Policy

A vendor management policy is an important component of an organization's larger compliance risk management strategy. It is a best practice for any..

Vendor Review

Vendor review is a process by which an organization can understand the potential risks of utilizing a vendor's product or service, as well as an ongoing..

Vulnerability

Mistakes happen, even in the process of building and coding technology. What’s left behind from these mistakes is commonly referred to as a bug. While bugs..

Vulnerability Management

Vulnerability management is the process of identifying, evaluating, treating, and reporting on security vulnerabilities in systems and the software that runs..