200 terms
CISA (Cybersecurity and Infrastructure Security Agency)
The US federal agency under DHS responsible for cybersecurity and critical infrastructure protection.
ISO 56001
International standard for Innovation Management Systems, helping organizations systematically manage innovation activities.
Bow-Tie Risk Analysis
A structured risk analysis method that displays cause-and-effect relationships in a bow-tie diagram.
Cross-Border Privacy Rules (CBPR)
APEC's cross-border privacy certification mechanism, the Asia-Pacific counterpart to the EU GDPR, enabling lawful transfers of personal data to economies such as the US and Japan.
Taiwan Trade Secret Act
Taiwan's Trade Secret Act protects economically valuable confidential business and technical information with criminal penalties for violations.
Disaster Recovery Plan
A plan for responding to IT system and infrastructure disruptions — a technical subset of BCP focused on system recovery.
Independent Sample Test
A statistical method used to determine if there is a significant difference between the means of two independent groups. In Privacy Information Management Systems (PIMS), it helps objectively evaluate the effectiveness of different privacy controls or notices on separate user populations, supporting evidence-based decision-making.
AI-Driven Predictive Continuity
Leveraging AI to predict potential business disruptions and automatically activate continuity plans, enhancing organizational resilience and minimizing impact.
Recovery Time Objective / Recovery Point Objective
RTO defines the maximum acceptable downtime and RPO the maximum acceptable data loss; together they set the recovery targets for business continuity planning.
Return on Invested Capital (ROIC)
A key financial metric measuring a company's efficiency in generating profits from all its capital sources (equity and debt).
Key Risk Indicator (KRI)
Quantitative metrics used to provide early warning signals of increasing risk exposure in key areas.
ISO 31000
International standard providing principles and guidelines for risk management applicable to any organization.
Total Shareholder Return (TSR)
Total Shareholder Return (TSR) is a measure of the total return to shareholders, including stock appreciation and dividends, over a specific period.
EU Cyber Resilience Act
A mandatory EU cybersecurity regulation for all connected products. From September 2027, all connected products sold in the EU must comply with CRA requirements and bear CE marking.
PII processor
A PII processor is an entity that processes PII on behalf of a PII controller, such as a cloud service provider or data analytics firm.
Resource Pooling
Resource pooling is a core cloud computing feature where a provider's resources are pooled to serve multiple customers using a multi-tenant model.
ISO/IEC 17788
ISO/IEC 17788 is the international standard for cloud computing overview and vocabulary, unifying key terms and concepts.
Weighted Average Cost of Capital (WACC)
WACC measures a company's average after-tax cost of financing its assets, serving as a key discount rate for evaluating investment projects.
Products with digital elements
Any tangible movable item containing software or firmware that can connect directly or indirectly to a network.
International Integrated Reporting Framework (IIRC)
A global framework for communicating corporate value by integrating financial and non-financial information to show how an organization creates value over time through its six capitals.
General Explanation of the Amendments to the Regulations Governing Establishment of Internal Control Systems by Public Companies (2024-04-22)
An official explanation of Taiwan's latest regulatory amendment requiring public companies to integrate sustainability (ESG) information into their internal control and audit systems.
Business Impact Analysis
A methodology for identifying and quantifying the impact of business disruptions on an organization — the foundational tool for BCM and BCP.
ISO 56001 Innovation Management System
ISO 56001 is the world's first certifiable international standard for innovation management systems, designed to help organizations institutionalize innovation and systematically manage uncertainty to achieve sustained value creation.
Regulations Governing the Handling of Financial Forecasts of Public Companies
A regulation that specifies the procedures, content, and responsibilities for public companies when disclosing financial forecasts to protect investors.
Information Security vs Privacy Protection
Information security serves as the infrastructure for privacy protection; the two have overlapping but distinct regulatory requirements.
Enterprise Risk Management
An integrated approach to managing all risks that could affect an organization's objectives, embedding risk management into organizational culture and decision-making.
ISO 27001 Information Security Management System
International standard for systematic information security management, ensuring confidentiality, integrity, and availability.
Business Continuity Plan (BCP)
A strategic plan for maintaining critical business operations during and after disruptive incidents.
Enterprise Risk Management (ERM)
Enterprise Risk Management (ERM) is a strategic process for identifying, assessing, and preparing for any uncertainties that may affect an organization's objectives.
Accountability
Accountability is the obligation for an organization to be responsible for its data processing and to demonstrate compliance with regulations.
ISO 31000
ISO 31000 is the international standard for risk management, providing principles and generic guidelines for any organization to manage uncertainty.
Privacy-Preserving Machine Learning
A set of techniques enabling machine learning model training and analysis while protecting individual data privacy, using methods like federated learning and differential privacy.
Return on Equity (ROE)
A key metric measuring a company's ability to generate profits for its shareholders, indicating how much net income is earned per dollar of equity.
EU AI Act
The EU's comprehensive AI regulation — the world's first major AI law, classifying AI systems by risk level with binding obligations.
Mechanistic Interpretability
A field of AI safety research that aims to reverse engineer neural networks to understand their internal mechanisms.
Measured Service
A characteristic of cloud services that automatically controls and optimizes resource usage, which can be monitored, measured, and reported, forming the basis for pay-per-use models.
COSO ERM Framework (Enterprise Risk Management—Integrating with Strategy and Performance)
A globally recognized framework integrating risk management with strategy and performance to help organizations create, preserve, and realize value.
Value of Trade Secret Protection for R&D Innovation
Trade secrets offer perpetual protection, no disclosure requirement, low cost, and protection of negative knowledge, making them superior to patents for core confidential R&D information.
Price-to-Book Ratio (PBR)
The Price-to-Book Ratio is a market valuation indicator that measures a company's stock price relative to its book value per share, used to assess potential undervaluation or overvaluation.
ISO 22301
International standard for Business Continuity Management Systems, helping organizations maintain operations during disruptive incidents.
Internal Market
A single market established by the EU to ensure the free movement of goods, services, capital, and people, where cyber resilience is key to its digital functioning.
Risk Appetite
The amount and type of risk that an organization is willing to accept in pursuit of its objectives.
Conformity Assessment Technologies
A set of technical methods to verify that an AI system meets specified requirements and standards, such as those of the EU AI Act.
PII controller
An entity that determines the purposes and means of processing Personally Identifiable Information (PII), acting as the key decision-maker in privacy protection.
Enterprise Value Plan
A plan outlining a company's operational strategies and specific measures to analyze its value and enhance long-term competitiveness for investors.
Privacy Risk Management
A systematic process to identify, assess, and respond to privacy risks arising from an organization's operations to protect individual privacy.
ISMS (Information Security Management System)
A framework for systematically managing an organization's sensitive information to ensure its confidentiality, integrity, and availability.
OECD Privacy Guidelines
The OECD Privacy Guidelines are a key international standard for protecting personal data and cross-border data flows, based on eight core principles that influence national privacy laws.
Action Plan for Sustainable Development of TWSE/TPEx Listed Companies (2023)
An FSC action plan to guide listed companies towards net-zero transition and sustainable development goals.
Global Reporting Initiative (GRI) Standards
The Global Reporting Initiative (GRI) Standards are the world's most widely used framework for sustainability reporting, helping organizations disclose their impacts on the economy, environment, and people.
GDPR
EU General Data Protection Regulation — the world's strictest privacy law, with fines up to €20 million or 4% of global annual revenue.
IFRS S1 / S2 Sustainability Disclosure Standards
Global sustainability disclosure standards established by the IASB for consistent ESG reporting.
ISO/IEC 29134: Guidelines for privacy impact assessment
ISO/IEC 29134 is the international standard providing guidelines for Privacy Impact Assessments (PIAs) to help organizations assess and mitigate privacy risks.
ISO/SAE 21434
International standard for road vehicle cybersecurity engineering, specifying cybersecurity practices throughout the vehicle development lifecycle.
Shared Competence
Areas where both the EU and its member states may legislate, but member states can only act if the EU has not.
Broad network access
Broad network access is a key cloud computing characteristic, allowing services to be accessed from diverse devices like computers and phones via standard mechanisms.
IEC 62443 Industrial Cybersecurity Standard
International cybersecurity standard for Industrial Automation and Control Systems (IACS), covering manufacturing, energy, water treatment, and other critical infrastructure. Primary harmonized standard for EU CRA.
Why ERM Matters for Corporate Governance
ERM shifts boards from reactive firefighting to proactive oversight, which boosts investor confidence and enterprise valuation.
Personal Information De-identification Process Management System (PIDIPMS)
A management system for the personal information de-identification process, ensuring data protection and regulatory compliance during value-added applications.
ISO 42001
International standard for AI management systems, helping organizations establish responsible AI governance frameworks.
ISO/IEC 29134
ISO/IEC 29134 is an international standard providing guidelines for conducting a Privacy Impact Assessment (PIA) to systematically evaluate and treat privacy risks of a project.
De-identification
De-identification is the process of removing or obscuring personal identifiers from data to enable analysis while protecting individual privacy.
Level Playing Field
A situation where all businesses are subject to the same minimum standards and rules, ensuring fair competition and preventing risks caused by the negligence of a few.
ESG (Environmental, Social, and Governance)
A framework evaluating corporate performance in Environmental, Social, and Governance aspects for sustainable business practices.
GDPR (General Data Protection Regulation)
A strict EU regulation for personal data and privacy protection for all individuals within the EU, with global applicability.
Privacy UX/UI
The practice of integrating privacy principles into user interface and experience design, ensuring user control and transparency.
Transborder Flows of Personal Data
The transmission of personal data from one country to another, requiring compliance with specific regulations to ensure equivalent protection abroad.
Regulations Governing the Handling of Financial Forecasts of Public Companies
These are regulations by the FSC governing the preparation and disclosure of corporate financial forecasts to ensure transparent information and protect investors.
Shareholder Return
The financial policy by which a company returns profits to its shareholders, typically through cash dividends or share buybacks.
ESG-Related Risks
ESG-related risks are potential threats arising from environmental, social, and governance factors that can impact a company's financial performance and operations.
Personal Information Incident
A Personal Information Incident is an event where personal data is disclosed, altered, destroyed, or stolen without authorization, harming the individual's rights.
Enterprise Risk Management vs Enterprise Resilience
ERM is the risk-appetite decision system and resilience is the shock-absorption capability; ERM provides the foundational framework for resilience.
IR Engagement Service Platform
A digital platform to help listed companies conduct ESG-focused communication and engagement with institutional investors.
ISO 27701
International standard for Privacy Information Management Systems, extending ISO 27001 to help organizations comply with GDPR and other privacy regulations.
OECD
International policy forum of 38 democratic market economies whose recommendations shape global AI, risk management, tax, and corporate governance policies.
Public cloud
A cloud computing model where services are owned and operated by a third-party provider and delivered over the internet to the public.
Pseudonymization
Pseudonymization is a data protection technique that replaces personal data with pseudonyms, preventing direct identification without additional information.
Corporate Value Enhancement Plan
A concrete plan formulated and disclosed by a company, analyzing its internal and external status to set operational strategies, financial goals, and governance policies to enhance long-term value.
k-anonymity
k-anonymity is a data de-identification technique ensuring any record in a dataset cannot be distinguished from at least k-1 other records, thus protecting individual privacy.
Multi-tenancy
A software architecture where a single software instance serves multiple tenants (customers), with mechanisms to keep each tenant's data isolated and secure.
Stakeholder
A stakeholder is any person or organization that can affect, be affected by, or perceive themselves to be affected by an organization's decisions or activities.
Anonymization
Anonymization is a data processing technique that irreversibly alters personal data, preventing the re-identification of any specific individual.
Agentic ERM
An ERM framework using AI agents to automate risk monitoring, alerting, and response, enhancing proactive risk management.
Personal Data
Information that can directly or indirectly identify a natural person, crucial for digital transformation and regulatory compliance.
Accountability
Accountability is an organization's obligation to not only comply with data protection regulations but also to demonstrate that compliance.
Adversarial Robustness
An AI model's ability to resist malicious inputs designed to cause errors, ensuring stable and accurate performance.
Taiwan AI Basic Act
Taiwan's AI Basic Act, passed in 2024, establishes foundational principles for AI development and the direction of government policy.
Algorithmic Impact Assessments
A systematic process to assess the potential risks of automated decision-making systems on individuals and society.
Community Cloud
A cloud deployment model where infrastructure is shared exclusively by a community of organizations with common goals (e.g., mission, compliance).
SELF DRIVE Act 2026
A proposed U.S. federal framework to regulate autonomous vehicles, superseding state laws and establishing a new entity for unified oversight.
Products with Digital Elements
Any software or hardware product, together with its associated solutions, whose intended use includes a direct or indirect data connection to a device or network.
ISO 26262
International standard for road vehicle functional safety, specifying safety development processes for automotive electrical/electronic systems including ASIL classification.
PII (Personally Identifiable Information)
PII is any information that can be used to identify a specific individual, directly or indirectly. It is a core subject of corporate compliance and information security.
Zero-Party Data
Data a customer intentionally and proactively shares with a company, such as preferences, purchase intentions, and personal context.
Anonymization
The process of irreversibly altering personal data so that an individual cannot be identified, thereby reducing privacy risks.
Geopolitical Risk Management Framework
A systematic framework for identifying, assessing, and responding to the impact of geopolitical events on business operations.
ISO/IEC 27701 (International Standard)
An international privacy information management standard that extends ISO 27001, helping organizations protect personal data and comply with global privacy regulations.
Supply Chain Resilience
The ability of a supply chain to maintain core functions and rapidly recover from disruptive events.
Bank for International Settlements
The bank for central banks, publishing Basel Accords and other global financial regulatory standards with definitive influence on banking risk management worldwide.
Consent Management Platform
A software tool that manages user consent for cookies and personal data processing, ensuring compliance with privacy regulations.
Financial Stability Board
G20-mandated body monitoring global financial system systemic risks and making recommendations, with significant influence on national financial regulatory policies.
ISO/IEC 22123-2
An international standard that specifies core concepts for cloud computing, aiming to establish a common understanding for global cloud services.
k-anonymity
k-anonymity is a data de-identification technique ensuring any record in a dataset cannot be distinguished from at least k-1 other records.
Treasury Stock
Treasury stock refers to shares a company repurchases from the open market. It can be used to increase EPS, for employee compensation, or to stabilize the stock price, but holds no voting rights or dividends.
AI Alignment
The practice of ensuring AI systems' goals and behaviors are consistent with human values and intentions, preventing unintended harmful outcomes.
PIMS (Privacy Information Management System)
PIMS is a framework for managing Personally Identifiable Information (PII) to protect individual privacy and comply with regulatory requirements.
Hybrid cloud
A hybrid cloud combines a private cloud with one or more public cloud services, allowing data and applications to be shared between them.
Security-by-Design Automotive
An approach integrating cybersecurity into every phase of the vehicle development lifecycle, from concept to decommissioning, as mandated by ISO/SAE 21434.
Data Protection Impact Assessment
A pre-implementation assessment required for high-risk personal data processing activities — mandatory under GDPR in certain circumstances.
Why is Trade Secret Protection Important?
Trade secrets offer perpetual protection without disclosure, unlike patents with their 20-year term and mandatory disclosure, and so provide the broadest scope of protection.
Green Claims Directive
An EU directive to combat greenwashing by requiring sustainability claims to be substantiated with scientific evidence and third-party verification.
NIST
US federal agency publishing widely adopted technical standards including the Cybersecurity Framework (CSF) and AI Risk Management Framework (AI RMF).
Private cloud
A private cloud is a cloud computing environment dedicated to a single organization, offering the highest degree of control over resources, security, and service quality.
Cloud Service Partner
An external vendor providing cloud computing services, entrusted with processing or storing a company's data, forming a critical part of supply chain security.
OTA Security Automotive
Ensuring the security of over-the-air (OTA) vehicle software updates, encompassing integrity, authenticity, and confidentiality, as mandated by regulations like UN R156.
ISO/SAE 21434 Amendment
A revision to the international automotive cybersecurity standard, enhancing supply chain security, SBOM, and vulnerability disclosure.
Zero-Knowledge Proofs
A cryptographic method to prove a statement is true without revealing any information beyond its validity.
Supply Chain Dependency Mapping
A process of visually representing supply chain nodes to identify critical dependencies, single points of failure, and concentration risks.
CNS 17788
CNS 17788 is Taiwan's national standard for cloud service information security and personal data protection, integrating ISO/IEC 27017 and 27018.
Interconnected Risk Business Continuity Management
A BCM approach assessing cascading effects of multiple, interconnected crises to enhance organizational resilience.
Human-in-the-loop
A model requiring human interaction and oversight to guide, improve, or intervene in an AI system's decision-making process.
Third-Party Risk Management BCM
An integrated strategy to manage operational disruption risks arising from reliance on third-party service providers.
GDPR Data IP
Intellectual property rights and compliance issues concerning personal data under the GDPR framework.
V2X Anomaly Detection
A system that identifies and flags abnormal or malicious signals within Vehicle-to-Everything (V2X) communication networks to ensure road safety.
Sustainability Reporting IP
The obligation to disclose sustainability-related intangible assets, such as R&D and green patents, under reporting standards like CSRD and ISSB.
CSMS Cybersecurity Management System Auto
A management system required by UN R155, ensuring cybersecurity throughout the vehicle's entire lifecycle, from development to post-production.
Cyber Resilience BCM
An integrated approach combining cybersecurity and Business Continuity Management (BCM) to ensure an organization can withstand, respond to, and recover from cyber incidents.
Digital Twins for Resilience
A dynamic virtual model of a physical system used to simulate, predict, and enhance its operational resilience against disruptions.
Geopolitical Risk Inventory
A systematic list used to identify, assess, and manage an organization's exposure to geopolitical risks, such as conflicts and regulatory changes.
Data Clean Rooms
A secure environment where multiple parties can collaborate on data analysis without sharing the raw data, ensuring privacy and compliance.
DORA NIS2 Compliance
The dual compliance requirement under the EU's DORA (digital operational resilience for the financial sector) and NIS2 (network and information systems security) regimes.
Adaptive Governance BCM
A resilience governance framework that dynamically adjusts BCPs to address emerging risks and regulatory demands.
Supply Chain Traceability ERM
Integrating supply chain traceability data into Enterprise Risk Management (ERM) to ensure regulatory compliance, mitigate risks, and enhance operational resilience.
Trademark Modernization Act
A U.S. federal law to streamline the trademark registration process and combat fraudulent filings by allowing easier removal of unused trademarks.
IP Monetization
The process of converting intellectual property rights into revenue streams or economic value.
Tabletop Exercise Automation
The use of technology to automate the creation, execution, and documentation of business continuity tabletop exercises, enhancing efficiency and compliance.
Whistleblower Protections ERM
Integrating whistleblower protection systems into the enterprise risk management framework to identify, assess, and mitigate compliance, legal, and reputational risks.
Authorised Self-Driving Entity
A legal entity certified by a regulatory body to commercially deploy self-driving vehicles, assuming full legal and operational responsibility.
CSRD Double Materiality
A principle assessing ESG issues' two-way impact: on the company's finances and the company's impact on society and the environment.
Federal AV Framework
A U.S. federal policy framework providing guidance for the safe development and deployment of automated vehicles.
Operational Resilience
An organization's ability to continue delivering critical operations through severe but plausible disruptions.
Non-Practicing Entities
Entities that hold patents but do not manufacture or sell products, primarily earning revenue through licensing or litigation.
Patent Portfolio Optimization
A strategic process of managing patent assets to align with business goals, maximize value, and minimize costs and risks.
UNECE Regulation No. 156 (Software Update and Software Update Management System)
A mandatory UNECE regulation governing vehicle software updates and their management systems (SUMS). It requires manufacturers to implement secure processes for over-the-air (OTA) updates throughout the vehicle lifecycle. Compliance is essential for type approval, ensuring the integrity and safety of software updates.
Predictive Risk Intelligence
Using AI/ML to analyze data, proactively identifying and managing potential future risks before they materialize.
Scenario Planning Analytics
A method using data analytics and AI to simulate and evaluate potential future risk scenarios, aiding strategic decision-making and resilience planning.
Treaty on the Functioning of the European Union (TFEU)
The Treaty on the Functioning of the European Union (TFEU) is a core EU treaty governing the internal market, competition, and personal data protection, impacting global businesses.
AI Copyright
The legal framework governing ownership and protection of creative works generated by artificial intelligence systems.
Interconnected Threats ERM
A systematic approach to manage the compound impact of interconnected geopolitical, climate, technological, and regulatory risks within an ERM framework.
Digital Operational Resilience Act
An EU regulation strengthening the ICT risk management capabilities of financial entities to ensure operational resilience.
Taiwan Personal Data Protection Act
Taiwan's Personal Data Protection Act regulating the collection, processing, and use of personal data, with fines up to NT$15 million.
AI Lifecycle
The AI lifecycle encompasses all stages of an AI system, from design and data collection to model training, deployment, monitoring, and retirement. It provides a structured framework for managing risks and ensuring compliance with standards like the NIST AI RMF and ISO/IEC 42001.
Re-identification
The process of re-associating de-identified data with a specific individual by linking it with other information.
Automotive Safety Integrity Level
The automotive safety risk classification system defined by ISO 26262, ranging from ASIL A (lowest) to ASIL D (highest), determining safety development requirements for vehicle systems.
Data Processing Agreement
A Data Processing Agreement (DPA) is a legally binding contract between a data controller and a data processor, outlining their respective obligations when personal data is processed by a third party. Mandated by regulations like GDPR Article 28, it ensures data protection, compliance, and mitigates legal and financial risks for organizations.
Infrastructure as a Service (IaaS)
IaaS is a cloud computing service that provides users with virtualized computing, storage, and networking IT infrastructure resources.
Cyber Resilience Act (CRA)
A mandatory EU regulation for products with digital elements, ensuring their cybersecurity from design and development throughout their entire lifecycle.
Drug Patent Term Restoration
A system to compensate for patent term lost during a drug's regulatory review process.
Technical Documentation
A set of documents systematically detailing an AI system's design, data, development, and performance, as required by regulations like the EU AI Act. It ensures transparency, traceability, and accountability throughout the AI lifecycle, serving as key evidence for compliance and risk management.
Software as a Service (SaaS)
Software as a Service (SaaS) is a cloud computing service that allows users to access a provider's applications over the internet, typically via a web browser, without managing the underlying infrastructure.
high-risk categories
A classification under the EU AI Act for AI systems posing significant risks to health, safety, or fundamental rights. These systems, listed in Annex III, face stringent requirements for data governance, documentation, and human oversight, mandating a robust risk management system aligned with standards like ISO/IEC 23894.
algorithmic transparency
Algorithmic transparency involves disclosing AI system logic, decision-making processes, and potential impacts to ensure explainability and auditability. Essential for AI development and deployment, it builds trust, mitigates compliance risks, and meets regulatory demands like GDPR and NIST AI RMF.
Pearson’s correlation coefficient
Pearson's correlation coefficient is a statistical measure of the linear relationship between two continuous variables. In AI governance, as referenced in NIST AI RMF testing protocols, it's used to assess feature importance or detect bias. For enterprises, it quantifies relationships between risk factors, supporting data-driven mitigation strategies.
AI Risk Management Framework (AI RMF)
The NIST AI Risk Management Framework (AI RMF) provides a structured approach for organizations to identify, assess, mitigate, and monitor risks associated with artificial intelligence systems. Applicable across industries, it aims to enhance AI trustworthiness, fairness, and transparency, crucial for enterprise compliance and building public trust.
Executive Personal Liability ERM
A risk management framework to manage executives' personal legal or financial liability arising from their professional duties and decisions.
Sustainability Accounting Standards Board (SASB) Standards
The Sustainability Accounting Standards Board (SASB) Standards are global standards for disclosing financially material sustainability information for specific industries to investors.
Statutory Interpretation
Statutory interpretation is the process of determining the intended meaning of legislative text. It is crucial for clarifying compliance obligations under complex regulations like the EU AI Act, enabling enterprises to manage legal risks associated with high-risk AI systems.
Data Processor
A natural or legal person that processes personal data on behalf of the data controller.
Privacy Risk Assessment
A Privacy Risk Assessment is a systematic process to evaluate activities involving personal data, aiming to identify and mitigate potential impacts on individual privacy.
TISAX
Trusted Information Security Assessment Exchange — the mandatory cybersecurity assessment for European automotive supply chains.
Specific Purpose
The principle that personal data must be collected for specified, explicit, and legitimate purposes and not be further processed in a manner incompatible with those purposes.
TWSE Guidelines for the Preparation of Material Topics in Sustainability Reports
Official TWSE guidelines, based on GRI Standards, for listed companies to identify and prioritize material sustainability topics for their reports.
collective ethical decision frameworks
Collective ethical decision frameworks integrate ethical preferences from multiple AI agents or human stakeholders to reach unified, ethically sound decisions. Applicable to complex AI systems (e.g., autonomous vehicles), they help enterprises ensure AI behavior aligns with societal values and regulatory requirements, mitigating reputational and compliance risks, as outlined in standards like NIST AI RMF.
Remaining useful life (RUL)
Remaining Useful Life (RUL) is the predicted duration an asset can operate before failure. Critical for predictive maintenance and asset health monitoring, RUL helps enterprises optimize maintenance schedules, reduce downtime risks, and enhance operational resilience, aligning with ISO 55000 asset management principles.
Criteria for Requiring Publicly Listed Companies to Disclose Complete Financial Forecasts
These are regulatory standards defining specific situations where listed companies must disclose complete financial forecasts, such as when releasing specific profit projections to the media.
Platform as a Service (PaaS)
Platform as a Service (PaaS) is a cloud service that provides a platform for developing and deploying applications, allowing businesses to focus on software development without managing the underlying infrastructure.
constant false-alarm rate (CFAR)
Constant False-Alarm Rate (CFAR) is a technique in signal detection systems (radar, sonar, and by extension anomaly detection) that sets the detection threshold for each cell from an estimate of the local noise or clutter level in its neighbouring cells, scaled so that the probability of a false alarm stays at a chosen value regardless of how the background level varies. Compared with a single fixed threshold, it avoids missing targets in quiet regions and flooding the operator with false alarms in noisy ones, which is why the same idea is applied to adaptive thresholds in monitoring, security detection, and quality control.
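An added example (not from the original page) of the most common form, cell-averaging CFAR (CA-CFAR), in plain Python. The threshold multiplier alpha = N * (Pfa^(-1/N) - 1) is the standard result for exponentially distributed noise power after square-law detection; the 200-cell "scene", its clutter edge at cell 100 and the two targets at cells 40 and 140 are constructed test data, not a real measurement. A fixed global threshold is run alongside for comparison.

```python
import math


def ca_cfar_alpha(n_train: int, pfa: float) -> float:
    """Threshold multiplier for cell-averaging CFAR over N training cells when the
    noise after square-law detection is exponentially distributed:
    alpha = N * (Pfa^(-1/N) - 1). Larger N or smaller Pfa gives a larger alpha."""
    return n_train * (pfa ** (-1.0 / n_train) - 1.0)


def ca_cfar(power, guard=2, train=8, pfa=1e-3):
    """Cell-averaging CFAR over a list of non-negative cell powers.

    For each cell under test, the local noise level is the mean of `train` cells on
    each side, skipping `guard` cells next to the cell so a wide target does not leak
    into its own noise estimate. A detection is declared when the cell exceeds
    alpha * noise_estimate. At the array edges only the cells that exist are used and
    alpha is recomputed for the smaller N. Returns (detected_indices, thresholds)."""
    n = len(power)
    detections, thresholds = [], []
    for i in range(n):
        left = range(max(0, i - guard - train), max(0, i - guard))
        right = range(min(n, i + guard + 1), min(n, i + guard + 1 + train))
        training = [power[j] for j in left] + [power[j] for j in right]
        if not training:                       # degenerate: no reference cells at all
            thresholds.append(math.inf)
            continue
        noise_est = sum(training) / len(training)
        thr = ca_cfar_alpha(len(training), pfa) * noise_est
        thresholds.append(thr)
        if power[i] > thr:
            detections.append(i)
    return detections, thresholds


def fixed_threshold(power, thr):
    """Naive detector for comparison: one global threshold for every cell."""
    return [i for i, p in enumerate(power) if p > thr]


def constructed_scene():
    """Constructed (not measured) input: 200 range cells of square-law noise whose
    level rises 8x at cell 100 (a clutter edge), with a slow deterministic ripple,
    plus a target of power 20 at cell 40 and a target of power 100 at cell 140."""
    cells = []
    for i in range(200):
        base = 1.0 if i < 100 else 8.0
        cells.append(base * (1.0 + 0.3 * math.sin(0.7 * i)))
    cells[40] += 20.0
    cells[140] += 100.0
    return cells


if __name__ == "__main__":
    scene = constructed_scene()
    cfar_hits, thresholds = ca_cfar(scene)
    fixed_hits = fixed_threshold(scene, 5.0)
    print("CFAR detections:", cfar_hits)
    print("CFAR threshold in quiet region: %.1f, in clutter: %.1f" % (thresholds[50], thresholds[150]))
    print("fixed-threshold detections:", len(fixed_hits), "cells, nearly all false alarms past cell 100")
```

The fixed threshold of 5.0 catches the first target but flags every cell in the high-clutter half; CA-CFAR finds both targets with no false alarms because its threshold rises with the local noise. The known weak spot is visible in the code too: a strong target inside another cell's training window inflates that cell's threshold (target masking), which is why variants such as greatest-of or ordered-statistic CFAR exist.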
risk-based approach
The risk-based approach is a strategic methodology for prioritizing and managing risks by allocating resources to the most significant threats. Central to frameworks like ISO 31000 and the EU AI Act, it enables organizations to focus controls where they are most needed, ensuring efficient compliance and effective risk mitigation.
EU Cybersecurity Act
Regulation (EU) 2019/881, which gives ENISA (the EU Agency for Cybersecurity) a permanent mandate and establishes a European cybersecurity certification framework for ICT products, services, and processes, so that a certificate issued under an EU scheme at a given assurance level is recognised in all Member States.
Network and Information Systems Security Directive 2 (NIS2 Directive)
Directive (EU) 2022/2555, replacing the 2016 NIS Directive. It widens the set of sectors and entities that must meet cybersecurity risk-management and incident-reporting obligations, adds supervision and management accountability, and strengthens penalties, with the goal of a high common level of cybersecurity across the Union.
Data Controller
A data controller is the entity that determines the purposes and means of processing personal data, holding primary responsibility for data protection.
AI harms
AI harms refer to the negative impacts of AI systems on individuals, groups, society, or the environment. These include issues like bias, privacy violations, and safety risks. Enterprises must manage these harms by implementing frameworks like the NIST AI Risk Management Framework (AI RMF) to ensure responsible and compliant AI deployment.
COSO ERM
COSO's enterprise risk management framework (first issued 2004, revised 2017), emphasizing integration of risk management with business strategy and performance; widely used in public company governance.
COSO Framework
A leading framework for internal control and enterprise risk management published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). It provides principles-based guidance for designing, implementing, and assessing control systems to manage risks and achieve strategic objectives.
UNECE R155 - Cyber Security and Cyber Security Management System
UNECE Regulation No. 155 (R155) is a mandatory regulation for vehicle cybersecurity. It requires manufacturers to implement a certified Cyber Security Management System (CSMS) to manage cyber risks throughout the vehicle lifecycle. Compliance is essential for type approval in signatory countries.
Service Level Agreement
A contract between a service provider and a client that defines measurable metrics for service quality, responsibilities, and expectations.
data poisoning
Data poisoning is an attack that tampers with the data an AI model learns from (training or fine-tuning sets, and the labels attached to them) so that the learned behaviour serves the attacker: degraded accuracy, bias, or a hidden backdoor that triggers on inputs of the attacker's choosing. Because the model looks normal on ordinary test data, the damage surfaces later as wrong decisions, service disruption, reputational harm, and compliance exposure. NIST AI RMF treats it as a risk to manage across the lifecycle, and NIST's adversarial machine learning taxonomy (AI 100-2) catalogues the attack variants; defences centre on data provenance and integrity controls on the training pipeline plus sanitisation of untrusted contributions.
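An added example (not from the original page) of a label-flipping poisoning attack and one sanitisation defence, in plain Python. The classifier is a small multinomial naive Bayes spam filter; the eight "trusted seed" messages, the six poisoned contributions that teach the model "free money" is legitimate, and the two genuine new messages are all constructed data. The defence is a margin-based filter: a baseline trained only on trusted data scores each incoming sample, and a sample whose supplied label contradicts the baseline's confident prediction is quarantined rather than trained on.

```python
import math
from collections import Counter, defaultdict


def tokenize(text):
    return text.lower().split()


class NaiveBayes:
    """Multinomial naive Bayes with add-one smoothing; unseen tokens are ignored."""

    def fit(self, samples):                    # samples: list of (text, label)
        self.total_docs = len(samples)
        self.doc_counts = Counter(label for _, label in samples)
        self.token_counts = defaultdict(Counter)
        for text, label in samples:
            self.token_counts[label].update(tokenize(text))
        self.vocab = set()
        for counts in self.token_counts.values():
            self.vocab.update(counts)
        return self

    def scores(self, text):
        """Log posterior (up to a constant) per label."""
        tokens = [t for t in tokenize(text) if t in self.vocab]
        out = {}
        for label, n_docs in self.doc_counts.items():
            counts = self.token_counts[label]
            denom = sum(counts.values()) + len(self.vocab)
            s = math.log(n_docs / self.total_docs)
            for t in tokens:
                s += math.log((counts[t] + 1) / denom)
            out[label] = s
        return out

    def predict(self, text):
        s = self.scores(text)
        return max(s, key=s.get)


# Constructed data: a trusted, reviewed seed set ...
TRUSTED_SEED = [
    ("free money now", "spam"), ("win free prize now", "spam"),
    ("claim your free prize", "spam"), ("cheap money offer", "spam"),
    ("meeting at noon", "ham"), ("project status update", "ham"),
    ("lunch tomorrow", "ham"), ("see you at the meeting", "ham"),
]
# ... an attacker's contributions with flipped labels (the poison) ...
POISON_BATCH = [("free money", "ham")] * 6
# ... and genuine new samples that a defence must not reject.
LEGIT_BATCH = [("quarterly status meeting", "ham"), ("free prize offer", "spam")]


def sanitize(trusted, incoming, margin=1.0):
    """Split incoming samples into (accepted, quarantined). A sample is quarantined
    when a model trained only on trusted data assigns a different label than the one
    supplied, by more than `margin` nats of log score. `margin` is a tuning choice:
    lower catches more poison but rejects more legitimate novelty."""
    baseline = NaiveBayes().fit(trusted)
    accepted, quarantined = [], []
    for text, label in incoming:
        s = baseline.scores(text)
        best = max(s, key=s.get)
        if best != label and s[best] - s[label] > margin:
            quarantined.append((text, label))
        else:
            accepted.append((text, label))
    return accepted, quarantined


def demo(probe="free money"):
    """Train three models and report what each says about the probe message."""
    clean = NaiveBayes().fit(TRUSTED_SEED)
    poisoned = NaiveBayes().fit(TRUSTED_SEED + POISON_BATCH + LEGIT_BATCH)
    accepted, quarantined = sanitize(TRUSTED_SEED, POISON_BATCH + LEGIT_BATCH)
    hardened = NaiveBayes().fit(TRUSTED_SEED + accepted)
    return {
        "clean": clean.predict(probe),          # spam
        "poisoned": poisoned.predict(probe),    # ham: the attack worked
        "hardened": hardened.predict(probe),    # spam: poison was quarantined
        "quarantined": len(quarantined),
        "accepted": len(accepted),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Six mislabelled duplicates are enough to flip the verdict on "free money" because the poisoned class now holds both the prior and the token evidence; the margin filter rejects all six while letting the two genuine samples through. The caveat a practitioner should keep in mind: the defence is only as good as the trust in the seed set, and an attacker who drip-feeds samples the baseline is unsure about stays under the margin, so this complements, rather than replaces, provenance controls on who may contribute training data.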
Regulation (EU) 2019/1020 on market surveillance and compliance of products
This regulation strengthens EU market surveillance to ensure products sold, especially those from outside the EU, comply with regulations, protecting consumer safety and public interests.
AI Act
The EU's landmark regulation creating a comprehensive legal framework for Artificial Intelligence. It uses a risk-based approach, classifying AI systems into four tiers and imposing corresponding obligations. It impacts any entity placing AI systems on the EU market, mandating compliance with safety, transparency, and fundamental rights.
Harmonisation
The process of integrating multiple, diverse regulations, standards, or frameworks into a consistent approach to streamline compliance, reduce costs, and improve efficiency.
Price-to-Earnings Ratio (P/E Ratio)
The Price-to-Earnings (P/E) ratio measures a company's stock price relative to its per-share earnings, indicating market expectations and valuation.
Capital Allocation
Capital allocation is the decision-making process of distributing a company's financial resources to various opportunities to maximize long-term value.
Supply Chain Risk Management
Supply Chain Risk Management (SCRM) is the systematic process of identifying, assessing, mitigating, and monitoring potential disruptions and threats within a supply chain. Crucial for globalized, complex supply chains across all industries, it enhances operational resilience, reduces costs, protects reputation, and ensures compliance, often referencing standards like ISO 28000.
amortized Bayesian inference
Amortized Bayesian inference pre-trains an inference network to rapidly estimate posterior distributions for new observations, amortizing computational costs upfront. Crucial for dynamic AI/ML applications, it enhances enterprise decision-making speed and risk management responsiveness, ensuring timely and reliable AI system performance.
Article 114 TFEU
Article 114 of the Treaty on the Functioning of the European Union is the legal basis for harmonizing laws to establish and ensure the functioning of the EU's internal market.
Aggregated Data
Aggregated data is statistical information compiled from multiple individuals' data, from which personal identifiers have been removed.
AI Literacy
The ability to understand, apply, and critically evaluate artificial intelligence systems. For enterprises, AI literacy is fundamental to responsible AI deployment, mitigating operational and compliance risks, and is a prerequisite for implementing frameworks like the NIST AI RMF and ISO/IEC 42001.
TWSE Sustainability Report Material Topics Disclosure Examples
An official TWSE guide based on GRI standards to help companies identify and disclose material sustainability topics.
Data Usability
Data Usability, often termed "Availability" in information security, ensures that information is accessible and usable upon demand by an authorized entity, a cornerstone of the CIA triad.
Geopolitical Risk
Uncertainty and potential losses to business operations caused by geopolitical factors including international political relations, conflicts, sanctions, and trade barriers.