ISO 19600:2014 pdf download – Compliance management systems — Guidelines.
3 Terms and definitions

For the purpose of this document, the following terms and definitions apply.

3.1 organization
person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives (3.9)
Note 1 to entry: The concept of organization includes, but is not limited to sole-trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.

3.2 interested party (preferred term); stakeholder (admitted term)
person or organization (3.1) that can affect, be affected by, or perceive themselves to be affected by a decision or activity

3.3 top management
person or group of people who directs and controls an organization (3.1) at the highest level
Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization.
Note 2 to entry: If the scope of the management system (3.7) covers only part of an organization then top management refers to those who direct and control that part of the organization.

3.8 policy
intentions and direction of an organization (3.1) as formally expressed by its top management (3.7)

3.9 objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical and/or operational.
Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process (3.10)).
Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as a compliance objective or by the use of other words with similar meaning (e.g. aim, goal, or target).
Note 4 to entry: In the context of compliance management systems, compliance objectives are set by the organization, consistent with the compliance policy, to achieve specific results.

3.10 process
set of interrelated or interacting activities which transforms inputs into outputs

3.11 risk
effect of uncertainty on objectives (3.9)
Note 1 to entry: An effect is a deviation from the expected — positive or negative.
Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.
Note 3 to entry: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73:2009) and “consequences” (as defined in ISO Guide 73:2009), or a combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated “likelihood” (as defined in ISO Guide 73:2009) of occurrence.

3.12 compliance risk
effect of uncertainty on compliance objectives (3.9)
Note 1 to entry: Compliance risk can be characterized by the likelihood of occurrence and the consequences of noncompliance (3.18) with the organization’s compliance obligations (3.16).

