Compliance: Glossary


ANSI (American National Standards Institute) - the primary organization for fostering the development of technology standards in the United States.

California Security Breach Information Act - California state legislation requiring organizations that maintain personal information about individuals to inform those individuals if the security of their information is compromised.

Can-Spam Act of 2003 - legislation enacted in the United States that places restrictions on unsolicited bulk email (UBE), such as requiring valid sender contact information and opt-out mechanisms.

Chief Compliance Officer (CCO) - a corporate official in charge of overseeing and managing compliance issues within an organization, ensuring, for example, that a company is complying with regulatory requirements, and that the company and its employees are complying with internal policies and procedures.

compliance - a state or acts of accordance with established standards, specifications, regulations, or laws. Compliance more often connotes a very specific following of the provided model and is usually the term used for the adherence to government regulations and laws. Also see conformance.

conformance - in information technology, a state or acts of adherence to a certain specification, standard, or guideline. Sometimes used as a synonym for compliance. Conformance more often connotes a similarity to the model being followed within some allowed range.

do not call list - a registry of phone numbers in the United States that telemarketers are prohibited from calling in most circumstances. The list is maintained by the National Do Not Call Registry of the Federal Trade Commission (FTC), and consumers can contact the agency to have their numbers registered.

DVD Forum - an international organization made up of companies using or manufacturing digital versatile disc (DVD)-related products.

Electronic Industries Association (EIA) - consortium that makes decisions about data transmission standards.

Federal Information Processing Standard (FIPS) - a set of standards that describe document processing, provide standard algorithms for searching, and provide other information processing standards for use within government agencies.

Gramm-Leach-Bliley Act (GLB) - federal legislation enacted in the United States to control the ways that financial institutions deal with the private information of individuals.

HIPAA (United States Health Insurance Portability and Accountability Act of 1996) - legislation with two sections: HIPAA Title I deals with protecting health insurance coverage for people who lose or change jobs; HIPAA Title II includes an administrative simplification section which deals with the standardization of healthcare-related information systems (IT industry references are usually about HIPAA Title II).

ICANN (Internet Corporation for Assigned Names and Numbers) - the private (non-government) non-profit corporation with responsibility for IP address space allocation, protocol parameter assignment, domain name system management, and root server system management functions.

IEEE (Institute of Electrical and Electronics Engineers) - self-described as the "world's largest technical professional society -- promoting the development and application of electrotechnology and allied sciences for the benefit of humanity, the advancement of the profession, and the well-being of our members."

IETF (Internet Engineering Task Force) - the body that defines standard Internet operating protocols such as TCP/IP.

Internet Architecture Board (IAB) - the Internet Society's overseer of the technical evolution of the Internet.

ISO - a worldwide federation of national standards bodies from some 100 countries, one from each country.

OASIS (Organization for the Advancement of Structured Information Standards) - a nonprofit, international consortium whose goal is to promote the adoption of product-independent standards for information formats such as Standard Generalized Markup Language (SGML), Extensible Markup Language (XML), and Hypertext Markup Language (HTML).

ITU-T (Telecommunication Standardization Sector of the International Telecommunication Union) - the primary international body for fostering cooperative standards for telecommunications equipment and systems.

National Computer Security Center (NCSC) - a U.S. government organization within the National Security Agency (NSA) that evaluates computing equipment for high security applications to ensure that facilities processing classified or other sensitive material are using trusted computer systems and components.

NIST (National Institute of Standards and Technology) - a unit of the US Commerce Department that promotes and maintains measurement standards.

RIAA (Recording Industry Association of America) - an organization that represents the music recording industry's intellectual property rights.

Sarbanes-Oxley Act (SOX) - legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise (administered by the Securities and Exchange Commission).

Section 508 - an amendment to the United States Workforce Rehabilitation Act of 1973; a federal law mandating that all electronic and information technology developed, procured, maintained, or used by the federal government be accessible to people with disabilities.

Society of Motion Picture and Television Engineers (SMPTE) - a professional association that establishes standards, practices, and guidelines for the motion picture and television industry.

Telecommunications Act of 1996 - legislation designed to stimulate competition that specifies: how local telephone carriers can compete; how and under what circumstances local exchange carriers (LEC) can provide long-distance services; and the deregulation of cable TV rates.

The Open Group - a software standards organization sponsored by a number of major software vendors that develops and fosters industry standards for software interfaces, often using technologies developed by one of the sponsoring companies.

Web Services Interoperability Organization (WS-I) - an association of IT industry companies, including IBM and Microsoft, that aims to create Web services specifications that all companies can use.

W3C (World Wide Web Consortium) - an industry consortium which seeks to promote standards for the evolution of the Web and interoperability between WWW products by producing specifications and reference software.

Web Standards Project (WaSP) - a grassroots effort to encourage the main browser makers to create a standard implementation of the Hypertext Markup Language (HTML) and other Web standards and recommendations of the World Wide Web Consortium (W3C).

This was last updated in May 2010
