Audit Trail

Access Control Policy

A set of rules defining who can access specific resources and what actions they can perform.

Responsible Disclosure

A security vulnerability reporting practice where researchers privately notify affected organisations and allow reasonable time for remediation before public disclosure of the vulnerability.

A structured approach to identifying, assessing, and mitigating risks associated with AI systems, as defined by standards such as NIST AI RMF and ISO/IEC 42001.

The overarching strategy for managing an organisation's information assets, balancing the need for data availability with security, privacy, compliance, and lifecycle management.

Control Objectives for Information and Related Technologies — a framework for IT governance and management.

A document defining the permitted use of an organisation's IT resources and networks.

A structured set of controls and processes designed to manage risk and ensure compliance with regulations.

The system of policies, rules, and processes by which activities are directed, controlled, and managed.

The process of identifying, assessing, and controlling threats to an organisation's capital and operations.

A systematic evaluation of the potential social, economic, and civil rights impacts of an automated decision-making system before and after deployment.