Notes (alphabetical)
Search to quickly find notes, articles, guides, and resources across the site.
Search to quickly find notes, articles, guides, and resources across the site.
Adequacy decisions are determinations made by the European Commission that a non-EU country ensures an equivalent level of data protection. These decisions allow for the free flow of personal data from the EU to these countries without additional safeguards. Adequacy decisions are crucial for facilitating secure and legitimate international data transfers, while upholding data privacy standards. Further reading Adequacy decisions - European Commission A guide to international transfers - ICO Commission finds that EU personal data flows can continue with 11 third countries and territories - European Commission
Corrective actions are structured processes for addressing and resolving identified issues or nonconformities, aiming to prevent recurrence and promote continuous improvement. They may originate from routine business operations, or from internal or external reviews by regulators, auditors, or other governance functions. What is a Corrective Action Plan? A corrective action addresses a specific issue or deficiency through targeted measures. In contrast, a corrective action plan (CAP) is a comprehensive document that outlines multiple corrective actions, along with their timelines, responsible parties, and the steps required to ensure each item is systematically resolved. ...
Heuristics are mental shortcuts, or rules of thumb, that can help you make decisions quickly and efficiently. Instead of analysing every situation from first principles, heuristics allow you to simplify complex problems by looking for patterns. They can be especially useful in situations with incomplete information, or when time is limited, however using them comes with its own risk. Why Are Heuristics Useful in Risk Management? In risk management you are by definition dealing with uncertainty, and often with limited data and time to analyse. Heuristics can help by: ...
Non-financial risk (NFR) refers to the potential for losses arising from factors other than financial. These risks can come from a variety of sources, including failures in operational processes, environmental or climate issues, cybersecurity and regulatory changes. Managing non-financial risk is crucial for maintaining the overall stability and reputation of an organisation. Overview of non-financial risks (CA ANZ) Non-financial risks include (but are not limited to): environmental risks (including climate-related risk) social risks (including understanding changing social norms) supply chain transparency and other supply chain risks health and safety risks technology risks (including business continuity) cyber security risks and data privacy breaches compliance failure misconduct โ Guide to non-financial risks, CA ANZ ...
Context In regulated industries โ particularly financial services, energy, and critical infrastructure โ the Three Lines model is the standard vocabulary for governance. It is the primary mechanism organisations use to segregate duties and prevent conflicts of interest. For the professional, understanding this framework is a practical necessity: it clarifies the boundary between operational management and independent oversight. The Three Lines of Defence (3LOD) is a framework used to structure risk management within an organisation. It separates those who own the risk from those who oversee it, and those who provide independent assurance. ...