Data Sovereignty

Governance

The system of policies, rules, and processes by which activities are directed, controlled, and managed.

Right to be Forgotten

A legal concept giving individuals the right to request deletion of their personal data from organisations' records.

Internal Audit

An independent assurance function that evaluates the effectiveness of an organisation's internal controls and governance.

COBIT

Control Objectives for Information and Related Technologies — a framework for IT governance and management.

Business Ethics

The application of ethical principles and moral standards to business activities, decisions, and relationships.

Anti-Money Laundering

Laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income.

Whistleblower Protection

Legal provisions protecting individuals who report illegal or unethical practices within organisations.

Information Classification

The process of categorising data based on its sensitivity level and the impact of unauthorised disclosure.

Acceptable Use Policy

A document defining the permitted use of an organisation's IT resources and networks.

AI Regulation

The developing body of laws and policies governing the development, deployment, and use of artificial intelligence systems.

Algorithmic Accountability

The principle that organisations should be answerable for the outcomes and impacts of their algorithmic systems.

Model Risk Management

The governance framework for identifying, measuring, and mitigating risks arising from AI and analytical models.

California Consumer Privacy Act — a US state law enhancing privacy rights and consumer protection for California residents.

The formal process of documenting and communicating security incidents, breaches, or compliance violations.

A structured set of controls and processes designed to manage risk and ensure compliance with regulations.

The practice of expressing regulatory and security compliance requirements as machine-readable policies that can be automatically validated against infrastructure and application configurations.

A systematic evaluation of the potential effects and risks of an AI system before and during its deployment.

Technology solutions designed to help companies comply with regulations efficiently and cost-effectively.

A set of rules defining who can access specific resources and what actions they can perform.

Adherence to laws, regulations, guidelines, and specifications relevant to an organisation's business.