31 terms
ISO 56001
International standard for Innovation Management Systems, helping organizations systematically manage innovation activities.
Taiwan Trade Secret Act
Taiwan's Trade Secret Act protects economically valuable confidential business and technical information with criminal penalties for violations.
Disaster Recovery Plan
A plan for responding to IT system and infrastructure disruptions — a technical subset of BCP focused on system recovery.
OECD
International policy forum of 38 democratic market economies whose recommendations shape global AI, risk management, tax, and corporate governance policies.
ISO/SAE 21434
International standard for road vehicle cybersecurity engineering, specifying cybersecurity practices throughout the vehicle development lifecycle.
NIST
US federal agency publishing widely adopted technical standards including the Cybersecurity Framework (CSF) and AI Risk Management Framework (AI RMF).
EU AI Act
The EU's comprehensive AI regulation — the world's first major AI law, classifying AI systems by risk level with binding obligations.
Taiwan AI Basic Act
Taiwan's AI Basic Act passed in 2024, establishing foundational principles for AI development and government policy direction.
Automotive Safety Integrity Level
The automotive safety risk classification system defined by ISO 26262, ranging from ASIL A (lowest) to ASIL D (highest), determining safety development requirements for vehicle systems.
Enterprise Risk Management
An integrated approach to managing all risks that could affect an organization's objectives, embedding risk management into organizational culture and decision-making.
ISO 42001
International standard for AI management systems, helping organizations establish responsible AI governance frameworks.
TISAX
Trusted Information Security Assessment Exchange — the mandatory cybersecurity assessment for European automotive supply chains.
ISO 22301
International standard for Business Continuity Management Systems, helping organizations maintain operations during disruptive incidents.
Taiwan Personal Data Protection Act
Taiwan's Personal Data Protection Act regulating the collection, processing, and use of personal data, with fines up to NT$15 million.
EU Cyber Resilience Act
EU mandatory cybersecurity regulation for all connected products. From September 2027, all connected products sold in the EU must comply with CRA requirements and bear CE marking.
GDPR
EU General Data Protection Regulation — the world's strictest privacy law, with fines up to €20 million or 4% of global annual revenue.
ISO 26262
International standard for road vehicle functional safety, specifying safety development processes for automotive electrical/electronic systems including ASIL classification.
Data Protection Impact Assessment
A pre-implementation assessment required for high-risk personal data processing activities — mandatory under GDPR in certain circumstances.
Financial Stability Board
G20-mandated body monitoring global financial system systemic risks and making recommendations, with significant influence on national financial regulatory policies.
ISO 27701
International standard for Privacy Information Management Systems, extending ISO 27001 to help organizations comply with GDPR and other privacy regulations.
Supply Chain Resilience
The ability of a supply chain to maintain core functions and rapidly recover from disruptive events.
UN Regulation No. 155
UN Regulation No. 155 on vehicle cybersecurity, requiring OEMs to establish a Cybersecurity Management System (CSMS), mandatory in the EU, Japan, and Korea.
Personal Data Protection Commission
Taiwan's dedicated personal data protection regulator (established 2023), responsible for enforcing the PDPA and expected to increase compliance enforcement intensity.
Bank for International Settlements
The bank for central banks, publishing Basel Accords and other global financial regulatory standards with definitive influence on banking risk management worldwide.
Business Impact Analysis
A methodology for identifying and quantifying the impact of business disruptions on an organization — the foundational tool for BCM and BCP.
ISO 31000
International standard providing principles and guidelines for risk management applicable to any organization.
Financial Supervisory Commission
Taiwan's top financial regulator overseeing banking, securities, insurance, and futures markets, with policy direction heavily influenced by BIS/FSB.
COSO ERM
The COSO Committee's integrated framework for enterprise risk management, emphasizing integration with business strategy and performance, widely used in public company governance.
Geopolitical Risk
Uncertainty and potential losses to business operations caused by geopolitical factors including international political relations, conflicts, sanctions, and trade barriers.
ENISA
EU cybersecurity agency responsible for technical standards for the EU AI Act and NIS2 Directive, with significant impact on Taiwan companies entering European markets.
IEC 62443 Industrial Cybersecurity Standard
International cybersecurity standard for Industrial Automation and Control Systems (IACS), covering manufacturing, energy, water treatment, and other critical infrastructure. Primary harmonized standard for EU CRA.