Accepted Risk

A risk that has been identified, evaluated, and deemed unfit for remediation.


Internal: Documented and approved use of a resource. Includes a specified duration. External: Connecting to, or using, any of Catalyst's published tools.


Approval is granted by Business Owners to a resource or to make a change.

Authorized Vendors

Individuals or services that have been contracted by Catalyst to perform specific functions.

Business Owner

The business owner is responsible and accountable for a resource of the business.

Catalyst Agent

A person or persons under contract with Catalyst.

Chain of Custody

A log of the media during its life at Catalyst.


using protocols, network, cabled, etc.

Critical Vendor

A vendor on whose service the function of Insight is dependent.

Customer Data Incident

An incident shall be deemed a Customer Data Incident if there is a non-reversible, unintentional alteration (including deletion or loss) of customer data.

Customer Data

Any work product produced from data provided by a customer is considered Customer Data. Also, any metadata associated with data provided by the customer. Specifics about the customer’s business that Catalyst personnel may come to know are data belonging to the customer.


Any computing apparatus that has the capability of connecting to Catalyst resources.


Leaders of defined departments.

Emergency Change

An Emergency Change results from an event that will cause, or has caused, service interruption.


Employees are individuals on Catalyst's payroll.

High Risk

When the score of a risk is higher than or equal to 45.

Imaginary Unicorns

Ponies with horns stapled to their foreheads.

Infrastructure Incident

An incident shall be deemed an Infrastructure Incident if the production environment experiences unplanned downtime or suffers degradation in a way that disrupts service.

Least Privilege

Access is granted only to the information and resources that are necessary for its legitimate purpose.


Employees who supervise other personnel.

Media Handling Operator

An individual that works with and secures media.


Any physical storage device that contains Catalyst or Customer data. This definition excludes media that has not been used.

New Risk

A risk to which company resources were not previously exposed.


Contractors or consultants who have been authorized to work at Catalyst.

Normal Change

Normal changes do not have documented procedures and/or are higher risk changes. Normal changes commonly include actions that are similar to other activity, but new to the business.


A trained user of a resource.

Personal Accessories

Non-computing devices designed to assist in the use of technology.

Personal Computing Device

Any computing device not owned by Catalyst (including personal cell phones).

Personal Devices

A personal computing device, a personal storage device, personal accessories.

Personal Storage Device

Any device or media designed to store data.


Employees and Non-employees combined.

Physical Writable Media

CD, DVD, flash drives, hard drives, etc.


A declaration of business intent for a domain.


Individual consent of the Business Owner is not required.

Printed Media

Any information on paper, written or printed.


The resources deployed by Catalyst to power the applications.

Qualified Risk

The understanding of business processes and risks.

Qualified Risk

A risk that has been reviewed by the Security and Compliance Committee and found to have an appropriate score.


The activity of reducing a risk to an acceptable threat level.


A requester is initiating a request. The request could be for access, change, or even reporting an incident.


A component or configurable item of the business. Resources can include, but are not limited to, personnel, contractors, data, systems, applications, infrastructure, and documents.

Risk Score

The combination of scope, likelihood, and impact.


A threat or potential threat to the operation of Catalyst's platform or the integrity of its stored data and systems.

Security Incident

An incident shall be deemed a Security Incident if the potential exists for it to compromise Catalyst’s policies, brand, and/or integrity. Any malicious action or incident known to the Security committee will be considered a Security Incident.

Standard Change

Routine changes for the company. These are repeatable actions of the business.

Subsidiary Employee

Employees of a subsidiary of Catalyst that are not fully integrated into the Catalyst environment and brand.

Supplier-Only Vendor

A vendor that supplies only goods to Catalyst.

Third Party

A person or party besides the two parties primarily involved in an agreement or situation.

Unrestricted Resources

A component or configurable item of the business with very low risk and common access. Examples include, but are not limited to, supply cabinets and conference rooms. Unrestricted resources will not require Business Owners or Approvals. Simply being a current employee of Catalyst will qualify for use of Unrestricted Resources.


Internal: All employees, temporary employees, contractors, consultants, and/or any other party who is contracted by Catalyst to access Catalyst resources. External: Any individual connecting to a Catalyst-published tool.


Plans are validated when two Operators agree that this is an appropriate course of action.


A person or company providing goods or services that is not comprised of Catalyst employees.


Internal: Individuals who are not Catalyst Personnel or Authorized Vendors. External: Individuals who connect to our websites or products who are not employed by Catalyst.
