Archives Glossary Terms

Return on Investment The benefits and rewards achieved after an investment has been made, justifying the initial outlay. Such as an increase of profit as a direct result of investing in ISO certification.

Risk Assessment Method Statements RAMS combine risk assessment with safe systems of work or method statements that contractors must provide before working on many sites. Method Statements detail how an activity will be carried out and should include consideration of…

Information Security Management System A structured system for managing the protection of information. Often following ISO 27001. may or may not be certified.

Information System Software or other system for collecting, storing and processing information.

Information Security The practice of protecting information from unauthorised access and use.

Senior Information Risk Owner SIRO is a role used in Government Information Assurance and is particularly prominent in the NHS and where health data is handled, often combined with other job roles

Security Incident and Event Management The process of using products and/or services to manage security information and security events.  Usually by providing real-time reporting and analysis of network activity.

Plan, Do, Check, Act The cycle implemented in a management system to drive continual improvement.  Based on the Deming Cycle.

Corrective Action / Preventive Action Actions to correct a non-conformance and prevent reoccurrence.  Note: Preventive Action has been replaced by a Risk-Based approach in Annex SL standards.

Risk Register A register documents the potential risks identified including the analysis of that risk (often involving scoring), controls and ownership of the risk.