Glossary

Aetos assists in configuring compliance software to translate technical requirements into competitive sales advantages.

Artificial intelligence systems that can act autonomously and make decisions without human intervention.

The framework and processes for overseeing the use of artificial intelligence, ensuring compliance with regulations and ethical standards.

A regulatory penalty that requires a company to delete AI models and related algorithms trained on unlawfully collected or improperly used data, preventing companies from profiting from privacy violations.

The practice of making the operations and decision-making processes of algorithms clear and understandable, important for compliance and governance in AI.

An executive role responsible for overseeing an organization's trust strategies, including data privacy and AI governance.

The accumulation of postponed regulatory, operational, and business requirements that startups defer during rapid growth, which incurs future costs and risks, hindering business expansion.

The practice of obtaining and managing user consent for data collection and usage, essential for compliance and reducing the risk of algorithmic disgorgement.

The lack of implementation or maintenance of necessary security controls, access management, or operational safeguards, which are part of compliance debt.

A document or process where a company provides information about its security controls and practices to an insurer, forming the basis for the insurance agreement.

The stages through which data passes, from initial collection to eventual deletion or archival.

The practice of managing and protecting personal information throughout its lifecycle, from collection to use.

The process of tracking and documenting the origin and history of data, crucial for ensuring compliance and mitigating risks of algorithmic disgorgement.

A strategy for assessing and improving the security measures in place to protect data within an organization.

Choices made regarding the provenance, minimization, consent, and privacy by design of data before collection or model training begins.

A request made by an individual to an organization to access their personal data that the organization holds.

The postponement of internal audits, third-party security assessments, or reviews of vendor compliance, contributing to compliance debt.

A situation where a business interruption occurs due to a failure or outage in a third-party vendor's systems, often requiring additional policy endorsements for coverage.

The failure to document internal processes, security controls, or data handling procedures, contributing to compliance debt.

The failure to keep pace with new industry standards, best practices, or changes in customer requirements, which can contribute to compliance debt.

The use of tools by insurers to assess a company's public-facing security controls and verify the accuracy of information provided in the insurance application.

A U.S. regulatory body that enforces laws against deceptive or unfair business practices, including those related to data privacy and algorithmic disgorgement.

An operational leader who designs trust architecture, manages vendor risk, and handles complex security questionnaires, complementing automated software.

A legal principle dictating that evidence derived from an illegal source is inadmissible, used in the context of AI to mean that algorithms trained on unlawfully obtained data must be destroyed.

Google Dataplex is a cloud-native governance platform providing convenient data governance within Google cloud environments.

A philosophy where AI governance is made intrinsic to product development from inception, ensuring ethical considerations and regulatory compliance are embedded from the start.

The trust and assurance investors have in a startup's ability to manage risks and comply with regulations, often enhanced by robust AI governance practices.

The comprehensive appraisal of a business by a prospective buyer or investor, particularly to establish its assets and liabilities and evaluate its commercial potential.

The phenomenon where a machine learning model's performance degrades over time due to changes in the underlying data or environment.

The increased time and resources spent on addressing issues arising from non-compliance, rather than focusing on strategic initiatives.

The strategic context explaining why a security control exists, who manages it, and how it aligns with the company’s broader risk appetite.

Specific conditions or circumstances listed in an insurance policy that are not covered by the insurance, such as breaches originating from vendors.

Pre-configured sets of compliance guidelines and controls designed to automate adherence to specific regulatory frameworks.

The speed at which a company can develop and release new products or features, which can be slowed by compliance debt.

The harm to a company's reputation due to public incidents stemming from compliance failures.

Damage to a company's reputation, which can occur from failing to implement adequate AI governance, leading to ethical breaches or regulatory penalties.

The series of predictable phases required to sell a product or service to a customer.

Positioning security as a competitive advantage that accelerates sales by aligning security programs with legal and sales goals.

Delaying updates and patches for software and infrastructure, leaving systems vulnerable and contributing to compliance debt.

A state where a company has compliance badges but lacks the internal culture or expertise to defend their security posture during a live interrogation.

Raw data such as logs, screenshots, and system configurations that prove a security control is technically active.

A comprehensive approach to integrating privacy and security workflows to build trust in data handling processes.

A cyber incident that originates from a third-party vendor or service provider but affects the insured company's data or operations.

Provisions in an insurance policy that exclude coverage for losses originating from third-party vendors.

Insurance policy exclusions that deny coverage for incidents deemed to be acts of war, such as cyberattacks attributed to foreign governments.