Compliance Terminology and What It Means

When you are an expert in compliance, you already understand what all of the industry terminology and jargon means. However, many small business owners are new to practicing compliance and, with the ever-growing importance of compliance, it's important to understand what everything means. We've taken the time to gather some of the most important compliance-related jargon to help small business owners and companies new to compliance understand what everything means, starting with the most basic concepts.


The process or state of being in accordance with guidelines or specifications, most often ones put in place by the government.


Every action we make that reflects our values as a person.


Our core beliefs, what we hold as right and fair in terms of our actions and our interactions with others.


A particular act, process or power of authority in an organizational setting.


Intentionally lying or cheating in order to gain something to which one is not entitled.


A service that gives employees anonymous telephone access through which they can report instances of wrongdoing.

Code of Conduct

A Code of Conduct is the policy that sits above all other policies. It acts as a central guide and reference for employees and users in their day-to-day decision-making. It clarifies an organization's mission, values, and principles while linking them to the standards of professional conduct.

Chief Privacy Officer

The CPO is the corporate executive in charge of implementing policies designed primarily to protect employee and customer data from unwarranted access.

Chief Risk Officer

The CRO is the corporate executive who assesses and mitigates significant competitive, regulatory and technological threats to your organization's capital. The Chief Risk Officer is sometimes called the Chief Risk Management Officer or Risk Management Officer.

Cyber Security

Cyber security is the set of technologies, processes, and practices designed to protect networks, computers, programs, and data from attack or unauthorized access.


Whistleblowers are people who voluntarily provide information to the public about dishonest or illegal business activities occurring within an organization.


A type of malware that attempts to deny a user access to their data, usually by encrypting it with a key known only to the attacker who deployed the malware. The attacker promises to release the data once a ransom is paid.


An audit in which an independent third party examines an entity to verify that it follows the guidelines set out by a regulatory body; usually this is done by the government.


Acknowledgment that one understands and will abide by all policies, procedures or training.


An incentive given or offered to a person to encourage them to take an action, typically illegally, that benefits the giver.

Risk Assessment

The process of identifying variables that have the potential to negatively impact the ability to conduct business.

Risk Assessment Framework (RAF)

This is a strategy to prioritize and share information about the security risks within an IT infrastructure.

Compliance Burden

Compliance burden is the administrative cost of a regulation from a dollar, time and complexity standpoint.

Compliance Framework

A compliance framework is a structured set of guidelines that details an organization's processes for maintaining accordance with established regulations, rules, and laws.

Compliance Audit

A compliance audit is an audit of how well an organization adheres to its regulatory guidelines. Usually, independent accounting, security or IT consultants will evaluate the strength and thoroughness of the organization's compliance policies. Auditors (usually from the government) look at security policies, user access controls, and risk management procedures.