Compliance, risk and governance
This glossary contains definitions related to compliance. Some definitions explain the meaning of words used in compliance regulations. Other definitions are related to the strategies that compliance officers use to mitigate risk and create a manageable compliance infrastructure.

- What is PHI (protected or personal health information)? - Protected health information (PHI), also referred to as 'personal health information,' is the demographic information, medical histories, test and laboratory results, physical and mental health conditions, insurance information and other data that a healthcare professional collects to identify an individual and determine appropriate care.
- What is records management? - Records management is the supervision and administration of digital or paper records, regardless of format.
- What is relationship marketing? - Relationship marketing is a facet of customer relationship management (CRM) that focuses on customer loyalty and long-term customer engagement rather than shorter-term goals like customer acquisition and individual sales.
- What is risk management? Importance, benefits and guide - Risk management is the process of identifying, assessing and controlling threats to an organization's capital, earnings and operations.
- What is risk mitigation? Strategies, plan and best practices - Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.
- What is root cause analysis? - Root cause analysis (RCA) is a method for understanding the underlying cause of an observed or experienced incident.
- What is the Cybersecurity Information Sharing Act (CISA)? - The Cybersecurity Information Sharing Act (CISA) allows United States government agencies and non-government entities to share information with each other as they investigate cyberattacks.
- What is the Digital Operational Resilience Act (DORA)? - The Digital Operational Resilience Act (DORA) is a European Union regulation designed to enhance cybersecurity and ensure functional continuity of the financial sector, employing rigorous information and communications technology (ICT) standards across all EU financial entities.
- What is the Driver's Privacy Protection Act (DPPA)? - The Driver's Privacy Protection Act (DPPA) is a United States federal law designed to protect the personally identifiable information of licensed drivers from improper use or disclosure.
- What is the Gramm-Leach-Bliley Act (GLBA)? - The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to control the ways financial institutions deal with the private information of individuals.
- What is the triple bottom line (TBL)? - The triple bottom line (TBL) is a sustainability-based accounting framework that includes social, environmental and financial factors as bottom-line categories.
- What is threat modeling? - Threat modeling is the systematic process of identifying threats to and vulnerabilities in software applications, and then defining countermeasures to mitigate those threats and vulnerabilities to better protect business processes, networks, systems and data.
- Whistleblower Protection Act - The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from retaliatory action for voluntarily disclosing information about dishonest or illegal activities occurring in a government organization.