Compliance glossary

Terms leadership must understand

A concise glossary for boards, leaders, auditors and security owners who need a shared language for requirements, risk and documentation.

nis2

The EU directive that strengthens requirements for cybersecurity, management accountability and incident reporting.

dora

EU regulation for digital operational resilience in the financial sector.

csrd

EU sustainability reporting requirements with much more structured and audit-ready documentation.

esg

Umbrella term for environmental, social and governance factors.

gdpr

The EU privacy regulation for processing personal data.

sbom

Software Bill of Materials: an inventory of software components.

soa

Statement of Applicability: overview of which controls apply and why.

rto

Recovery Time Objective: how quickly a service must be restored after disruption.

rpo

Recovery Point Objective: how much data loss the organisation can tolerate during recovery.