Term Definition Standardization

[Figure: Standard Term Relationships]

The following table contains descriptions that are meant to be used as a starting point for writing definitions. Do not copy and paste directly. Tailor definitions to fit each term.

| Term | UCF Element | Description | Example |
| --- | --- | --- | --- |
| Exception | Noun | An action or entity that does not conform to normal operations or rules. | compliance exception: An instance that does not conform to the general rule of being in accordance with laws, regulations, industry codes, organizational standards, or contractual arrangements. |
| Framework | cDoc or Record Example | The overall documented structure and template that the organization can use to create and maintain XXX (It defines the scope, objectives, activities, and structure) | compliance framework: A compliance framework is a structured set of guidelines to aggregate and harmonize, then integrate, all compliance requirements applicable to an organization. |
| Guideline | Record Example | A documented recommendation of how an organization should XXX. (Inspiration for Programs, policies, etc.) | coding guideline: A documented recommendation of how an organization should implement best practices for computer coding. |
| Measure | Noun | A course of action taken to enforce guidelines and standards. | organizational measure: A plan or course of action taken to achieve a particular purpose by an organization. |
| Methodology | Noun | Business strategy of how to approach XXX. (how to approach creating a framework, policy, etc.) | reporting methodology: A system of processes and procedures used in the querying of data sources with different models to produce readable compilations of information. |
| Metrics Standard | Record Example | A methodology for measuring XXX designed to facilitate decision-making and improve the performance thereof. The standard includes an explanation of the metric formula, the calculation used to define the metric, how the metric should be displayed, and where to find the data or information that feeds the metric calculation. | audit metrics standard: A methodology for measuring both internal and external audit processes and performance designed to facilitate decision-making and improve the performance thereof. The standard includes an explanation of the metric formula, the calculation used to define the metric, how the metric should be displayed, and where to find the data or information that feeds the metric calculation. |
| Plan | Record Example | A step-by-step outline of the processes and procedures to be performed to complete or implement XXX. | Business Continuity Plan: A proposal detailing the processes and procedures to put into place to ensure that essential organizational functions can continue during and after a disaster. |
| Policy | Record Example | The business rules and guidelines of the organization that ensure consistency and compliance with XXX. | Information Technology asset removal policy: The business rules and guidelines for removing Information Technology assets from the facility. |
| Procedure | Record Example | A detailed description of the steps necessary to implement or perform XXX in conformance with applicable standards. A procedure is written to ensure XXX is implemented or performed in the same manner in order to obtain the same results. | physical security procedure: A set of guidelines that lists actions needing to be taken in order to provide physical security. |
| Process | Noun | Activities performed while following the documented procedures. | access process: A series of steps used to secure access to information or to facilities. |
| Program | Record Example | A documented listing of procedures, schedules, roles and responsibilities, and plans/instructions to be performed to complete/implement XXX. | security awareness program: The documented plan and documented activities to create well-informed interest in being free from danger or threat. |
| Requirement | Record Example | A condition or capability that must be met. | third party reporting requirement: A formal statement of the necessity, completeness, and timeliness the third party must follow when providing information or reports to an organization. |
| Specification | Record Example | A defined set of requirements. | system requirements specification: A detailed description of what a system must be able to do and perform under certain conditions. |
| Standard | Record Example | A documented goal or ideal an organization uses to determine their compliance with XXX. | supply chain management standard: A documented goal or ideal that an organization uses to ensure that the business activities and performance of its suppliers align with internal and external requirements. |
| Strategy | Record Example | A documented plan or method an organization uses to achieve a major or overall goal. | awareness and training strategy: A plan of action for teaching relevant skills necessary to perform specific functions and focusing attention on issues. |
| System | Noun | A collection of techniques, processes, and technologies implemented while following the documented programs. | risk reporting system: A collection of techniques, processes, and technologies that are implemented to facilitate the conveyance of risk and mitigation-related information to relevant personnel. |
|  | Asset | A set of resources under the same control that share common functionality. | Computer System: A collection of related hardware, software, or both that work together for a common purpose or are regarded as a whole. |
| Technique | Noun | The use of a specific technology or procedure to achieve XXX in alignment with the organization's methodologies. (usually when there are multiple paths for an Organization to take) | de-identification technique: An established or planned way to remove a person's identity associated with information in compliance with pertinent standards. |

 
