Compliance, risk and governance

This glossary contains definitions related to compliance. Some definitions explain the meaning of words used in compliance regulations. Other definitions are related to the strategies that compliance officers use to mitigate risk and create a manageable compliance infrastructure.
  • What is ESG reporting? - ESG reporting is a type of corporate disclosure that details the environmental, social and governance (ESG) promises, efforts and progress of an organization.
  • What is GDPR? Compliance and conditions explained - The General Data Protection Regulation (GDPR) is legislation that updated and unified data privacy laws across the European Union (EU).
  • What is HITECH (Health Information Technology for Economic and Clinical Health) Act of 2009? - The HITECH (Health Information Technology for Economic and Clinical Health) Act of 2009 is legislation that was created to stimulate the adoption of electronic health records (EHR) and the supporting technology in the United States.
  • What is ICD-9-CM (International Classification of Diseases, Ninth Revision, Clinical Modification)? - The International Classification of Diseases, Ninth Revision, Clinical Modification, also known simply as ICD-9-CM, is the U.
  • What is ITIL? A guide to the IT Infrastructure Library - ITIL (Information Technology Infrastructure Library) is a framework designed to standardize the selection, planning, delivery, maintenance and overall lifecycle of IT services within a business.
  • What is OPSEC (operations security)? - OPSEC (operations security) is an analytical process that military, law enforcement, government and private organizations use to prevent sensitive or proprietary information from being accessed inappropriately.
  • What is PHI (protected or personal health information)? - Protected health information (PHI), also referred to as 'personal health information,' is the demographic information, medical histories, test and laboratory results, physical and mental health conditions, insurance information and other data that a healthcare professional collects to identify an individual and determine appropriate care.
  • What is records management? - Records management is the supervision and administration of digital or paper records, regardless of format.
  • What is relationship marketing? - Relationship marketing is a facet of customer relationship management (CRM) that focuses on customer loyalty and long-term customer engagement rather than shorter-term goals like customer acquisition and individual sales.
  • What is risk management? Importance, benefits and guide - Risk management is the process of identifying, assessing and controlling threats to an organization's capital, earnings and operations.
  • What is risk mitigation? Strategies, plan and best practices - Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.
  • What is the Cybersecurity Information Sharing Act (CISA)? - The Cybersecurity Information Sharing Act (CISA) allows United States government agencies and non-government entities to share information with each other as they investigate cyberattacks.
  • What is the Driver's Privacy Protection Act (DPPA)? - The Driver's Privacy Protection Act (DPPA) is a United States federal law designed to protect the personally identifiable information of licensed drivers from improper use or disclosure.
  • What is the Gramm-Leach-Bliley Act (GLBA)? - The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to control the ways financial institutions deal with the private information of individuals.
  • What is the triple bottom line (TBL)? - The triple bottom line (TBL) is a sustainability-based accounting framework that includes social, environmental and financial factors as bottom-line categories.
  • What is threat modeling? - Threat modeling is the systematic process of identifying threats to and vulnerabilities in software applications, and then defining countermeasures to mitigate those threats and vulnerabilities to better protect business processes, networks, systems and data.
  • Whistleblower Protection Act - The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from retaliatory action for voluntarily disclosing information about dishonest or illegal activities occurring in a government organization.