Responsible Disclosure

Audit Trail

A chronological record of system activities enabling the reconstruction and examination of a sequence of events.

Access Control Policy

A set of rules defining who can access specific resources and what actions they can perform.

The principle that organisations should be answerable for the outcomes and impacts of their algorithmic systems.

An approach to systems engineering that takes privacy into account throughout the entire engineering process.

The process of checking individuals and entities against government-issued lists of sanctioned parties.

The practice of expressing regulatory and security compliance requirements as machine-readable policies that can be automatically validated against infrastructure and application configurations.

An individual responsible for overseeing an organisation's data protection strategy and regulatory compliance.

Control Objectives for Information and Related Technologies — a framework for IT governance and management.

California Consumer Privacy Act — a US state law enhancing privacy rights and consumer protection for California residents.

An independent assessment of an AI system's compliance with regulatory requirements, ethical standards, and organisational policies, examining data, models, outputs, and governance.