Risk Assessment

Risk Management

The process of identifying, assessing, and controlling threats to an organisation's capital and operations.

Operational Risk

The risk of loss resulting from inadequate or failed internal processes, people, systems, or external events.

Third-Party Risk Management

The process of identifying and mitigating risks associated with outsourcing to third-party vendors.

Vendor Risk Assessment

Evaluating the potential risks of engaging with a vendor including security, financial, and operational concerns.

Know Your Customer

The process of verifying the identity, suitability, and risks of customers in financial transactions.

AI Impact Assessment

A systematic evaluation of the potential effects and risks of an AI system before and during its deployment.

General Data Protection Regulation — EU legislation governing the collection and processing of personal data of EU residents.

A set of rules defining who can access specific resources and what actions they can perform.

The concept that data is subject to the laws and governance structures of the country where it is collected or processed.

The principle that organisations should be answerable for the outcomes and impacts of their algorithmic systems.

An independent assessment of an AI system's compliance with regulatory requirements, ethical standards, and organisational policies, examining data, models, outputs, and governance.

Control Objectives for Information and Related Technologies — a framework for IT governance and management.

The system of policies, rules, and processes by which activities are directed, controlled, and managed.

An individual responsible for overseeing an organisation's data protection strategy and regulatory compliance.