Glossary
Definitions of common compliance, security, and platform terms.
Quick reference for compliance terminology and PartnerAlly-specific terms.
A
AML (Anti-Money Laundering)
Laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income.
Annex A
In ISO 27001, the appendix containing the list of security controls that organizations should consider implementing.
Audit
A formal examination of an organization's compliance with specific requirements, conducted by internal or external auditors.
Audit Trail
A chronological record of system activities that enables the reconstruction and examination of sequences of events.
B
BSA (Bank Secrecy Act)
US legislation requiring financial institutions to assist government agencies in detecting and preventing money laundering.
Business Associate
Under HIPAA, a person or entity that performs certain functions or activities involving the use or disclosure of protected health information on behalf of a covered entity.
C
Compliance Gap
A deficiency where current policies, procedures, or controls do not fully meet a specific regulatory or framework requirement.
Confidence Score
In PartnerAlly, a percentage indicating how certain the AI is about a specific finding or analysis result.
Control
A safeguard or countermeasure designed to protect the confidentiality, integrity, and availability of information, or to meet a compliance requirement.
Covered Entity
Under HIPAA, a health plan, healthcare clearinghouse, or healthcare provider that transmits health information electronically.
Critical Severity
The highest severity level for compliance gaps or risks, indicating immediate attention is required.
D
Data Classification
The process of organizing data by sensitivity level (e.g., public, internal, confidential, restricted).
Data Retention
Policies defining how long different types of data should be kept before deletion.
DPA (Data Processing Agreement)
A contract between a data controller and data processor that specifies data protection obligations.
E
Encryption
The process of converting data into a coded form to prevent unauthorized access.
Evidence
Documentation or artifacts that demonstrate compliance with a specific requirement or control.
F
FATF (Financial Action Task Force)
An intergovernmental organization that sets international standards for combating money laundering and terrorist financing.
Framework
A structured set of guidelines, best practices, and requirements for achieving a specific goal (e.g., SOC 2, ISO 27001).
G
Gap Analysis
The process of comparing current practices against desired standards to identify deficiencies.
GDPR (General Data Protection Regulation)
European Union regulation governing data protection and privacy for individuals within the EU and EEA.
H
HIPAA (Health Insurance Portability and Accountability Act)
US legislation providing data privacy and security provisions for safeguarding medical information.
High Severity
A severity level indicating significant compliance risk that should be addressed promptly.
Human-in-the-Loop
A system design in which humans review and validate AI outputs before any action is taken on them.
I
ISO 27001
International standard for information security management systems (ISMS).
Inherent Risk
The risk level before any controls or mitigations are applied.
K
KYC (Know Your Customer)
The process of verifying the identity of clients and assessing their suitability and the potential risks they pose.
L
Low Severity
A severity level indicating minor compliance gaps that can be addressed as part of routine improvements.
M
Medium Severity
A severity level indicating moderate compliance risk that should be planned for remediation.
MFA (Multi-Factor Authentication)
Authentication requiring two or more verification methods from different categories (something you know, have, or are).
N
NIST CSF (National Institute of Standards and Technology Cybersecurity Framework)
A framework providing organizations with guidance for managing cybersecurity risk.
O
OFAC (Office of Foreign Assets Control)
US Treasury Department office administering and enforcing economic sanctions programs.
P
PCI DSS (Payment Card Industry Data Security Standard)
Information security standard for organizations that store, process, or transmit branded payment card data.
PHI (Protected Health Information)
Under HIPAA, individually identifiable health information transmitted or maintained in any form.
Points of Focus
In SOC 2, specific considerations that may assist organizations in achieving Trust Service Criteria.
Policy
A formal document stating organizational rules, expectations, and requirements on a specific topic.
Procedure
Step-by-step instructions for implementing a policy or performing a specific task.
Priority Queue
In PartnerAlly, an AI-ranked list of risks or gaps ordered by recommended remediation sequence.
R
Remediation
The process of addressing and correcting compliance gaps or risks.
Residual Risk
The risk level remaining after controls and mitigations are applied.
Risk
The potential for loss, damage, or harm resulting from a threat exploiting a vulnerability.
Risk Assessment
The process of identifying, analyzing, and evaluating risks.
Risk Register
A central repository documenting identified risks, their severity, status, and treatment plans.
Role-Based Access Control (RBAC)
An approach to restricting system access based on users' organizational roles.
S
SAR (Suspicious Activity Report)
A report filed by financial institutions when suspicious activity is detected.
Sanctions
Restrictions imposed on countries, entities, or individuals, typically prohibiting certain transactions.
Severity
A rating indicating the seriousness or impact level of a compliance gap or risk.
SoA (Statement of Applicability)
In ISO 27001, a document listing all controls and their applicability to the organization.
SOC 2 (Service Organization Control 2)
An audit and attestation framework for service providers, reporting on the controls they use to manage data securely and protect their clients' interests.
SOX (Sarbanes-Oxley Act)
US law establishing auditing and financial regulations for public companies.
T
Task
In PartnerAlly, a specific action item within a workflow, assigned to a user for completion.
Travel Rule
Regulatory requirement for VASPs to share originator and beneficiary information for crypto transfers above specified value thresholds.
Trust Service Criteria (TSC)
The categories used in SOC 2 audits: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
V
VASP (Virtual Asset Service Provider)
A business that exchanges, transfers, or holds in custody virtual assets (cryptocurrencies) on behalf of others.
Vulnerability
A weakness that could be exploited by a threat to gain unauthorized access or cause harm.
W
Wallet Screening
The process of checking cryptocurrency addresses against sanctions lists and risk databases.
Workflow
In PartnerAlly, a structured series of tasks designed to address a compliance gap or achieve a goal.
See Also
- FAQ - Common questions and answers
- Keyboard Shortcuts - Platform navigation shortcuts