Compliance glossary

Plain-language definitions of the terms you encounter in compliance, quality management, and risk. No jargon. Just clear explanations.

A

Acknowledgement tracking

The process of capturing proof that employees have read and understood a policy, procedure, or change. CollinQ's Engage module tracks acknowledgements automatically when policies are pushed to users.

AI governance

A framework of policies, processes, and controls that ensures artificial intelligence is used responsibly, ethically, and in compliance with regulations. It is becoming a formal requirement under laws such as the EU AI Act.

Audit (internal)

A systematic, independent review of an organization's compliance with its own policies, standards, or external regulations. Internal audits identify gaps before external auditors find them.

Audit trail

A chronological record of all actions taken on a system or document. Auditors use audit trails as evidence of compliance: who did what, when, and why.

C

CAPA (Corrective and Preventive Action)

A structured process for fixing a problem (corrective) and preventing it from recurring (preventive). CAPA is a core requirement of ISO 9001 and most quality management standards.

CCPA (California Consumer Privacy Act)

A US state privacy law that grants California residents rights over their personal data, including the right to know, delete, and opt out of the sale of personal information. The CPRA expanded these rights in 2023.

Compliance framework

A structured approach an organization uses to meet legal, regulatory, or industry requirements. It typically includes policies, procedures, controls, risk assessments, and monitoring. CollinQ turns frameworks into working systems.

Continuous improvement

The ongoing effort to enhance products, services, or processes. In quality management, continuous improvement is usually structured through the PDCA cycle.

Control

A specific measure or safeguard put in place to mitigate a risk, ensure compliance, or achieve a business objective. Controls can be preventive (stop something from happening) or detective (identify when something has happened).

D

DORA (Digital Operational Resilience Act)

EU regulation that requires financial entities and their critical ICT providers to maintain operational resilience against cyber and operational risks. Effective January 2025.

E

ESG (Environmental, Social, Governance)

A framework for evaluating an organization's impact and accountability across three dimensions: environmental sustainability, social responsibility, and governance practices. ESG disclosures are increasingly required for regulatory reporting.

G

GDPR (General Data Protection Regulation)

EU regulation governing how personal data of EU residents is collected, processed, and protected. The UK has its own equivalent (UK GDPR) following Brexit. Non-compliance can result in fines up to 4% of global revenue.

I

ISO 9001

The international standard for quality management systems (QMS). Specifies requirements for consistently providing products and services that meet customer and regulatory requirements. CollinQ's Market module includes a ready-to-use ISO 9001 system.

ISO 27001

The international standard for information security management systems (ISMS). Provides a framework for managing information security risks through policies, procedures, and technical controls.

ISMS (Information Security Management System)

A systematic approach to managing sensitive information so it remains secure. The ISMS is the structure that operationalizes ISO 27001.

M

Management review

A periodic evaluation by top management of the effectiveness of the management system. Required by most ISO standards. Typically reviews audit results, performance metrics, risks, and improvement opportunities.

N

NIS2 (Network and Information Security Directive 2)

EU directive that strengthens cybersecurity requirements for essential and important entities across critical sectors. Replaces the original NIS Directive and expands scope significantly.

Non-conformity

A failure to meet a requirement, whether from a standard, regulation, contract, or internal policy. Non-conformities are typically addressed through CAPA.

P

PDCA (Plan-Do-Check-Act)

A four-step continuous improvement cycle: Plan what to do, Do it, Check the results, and Act on the findings. PDCA is the engine behind most quality management standards including ISO 9001. CollinQ's Control module is built around PDCA workflows.

Policy

A high-level statement of intent that guides decision-making and behaviour within an organization. Policies define what should happen, while procedures define how.

Procedure

A step-by-step set of instructions describing how to carry out a task or process. Procedures translate policy into actionable steps.

Q

QMS (Quality Management System)

A formalized system that documents processes, procedures, and responsibilities for achieving quality policies and objectives. ISO 9001 is the most widely adopted QMS standard.

R

RASCI (or RACI)

A responsibility assignment matrix used to clarify roles in a process. Each task is mapped against people who are Responsible, Accountable, Supportive, Consulted, and Informed. RACI is the simpler version without "Supportive."

Risk register

A documented list of identified risks, their likelihood and impact, owners, and mitigation actions. Traditionally maintained in Excel, but increasingly part of integrated compliance platforms.

S

SOC 2

A US auditing standard developed by the AICPA that evaluates a service provider's controls over security, availability, processing integrity, confidentiality, and privacy. Often required by US enterprise customers.

W

Working system

CollinQ's term for what happens when a compliance framework stops being a document and becomes a live, used environment: tasks assigned, processes running, evidence captured automatically. The opposite of a PDF that sits unread in a shared drive.

Turn these terms into a working system

CollinQ helps compliance consultants and professional bodies deliver their frameworks as living platforms their clients use every day.