Whistleblower Protection

Governance

The system of policies, rules, and processes by which activities are directed, controlled, and managed.

Right to be Forgotten

A legal concept giving individuals the right to request deletion of their personal data from organisations' records.

Data Sovereignty

The concept that data is subject to the laws and governance structures of the country where it is collected or processed.

Internal Audit

An independent assurance function that evaluates the effectiveness of an organisation's internal controls and governance.

COBIT

Control Objectives for Information and Related Technologies — a framework for IT governance and management.

Business Ethics

The application of ethical principles and moral standards to business activities, decisions, and relationships.

Anti-Money Laundering

Laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income.

Information Classification

The process of categorising data based on its sensitivity level and the impact of unauthorised disclosure.

Acceptable Use Policy

A document defining the permitted use of an organisation's IT resources and networks.

AI Regulation

The developing body of laws and policies governing the development, deployment, and use of artificial intelligence systems.

Algorithmic Accountability

The principle that organisations should be answerable for the outcomes and impacts of their algorithmic systems.

Model Risk Management

The governance framework for identifying, measuring, and mitigating risks arising from AI and analytical models.

A structured set of controls and processes designed to manage risk and ensure compliance with regulations.

An individual responsible for overseeing an organisation's data protection strategy and regulatory compliance.

Evaluating the potential risks of engaging with a vendor including security, financial, and operational concerns.

The overarching strategy for managing an organisation's information assets, balancing the need for data availability with security, privacy, compliance, and lifecycle management.

A structured approach to identifying, assessing, and mitigating risks associated with AI systems, as defined by standards such as NIST AI RMF and ISO/IEC 42001.

A set of principles, guidelines, and processes that an organisation adopts to ensure its AI systems are developed and deployed in a manner that is fair, transparent, and accountable.

The risk of loss resulting from inadequate or failed internal processes, people, systems, or external events.

The process of identifying and mitigating risks associated with outsourcing to third-party vendors.