An activity is an action that occurs in your organization, where processing of information takes place. An activity is always related to an overlying process.

A contract may be the registration of the existence of any agreement signed with a third party such as a Service agreement, Data processor agreement, partnership agreement, System hosting agreement etc.

A generic control is a description of a control that can be performed in your organization. Generic controls can be scheduled and performed as control tasks through the Project management module.

A process is the highest level of a documented business process where information is collected and processed. Examples of processes in HR could be “Recruitment” or “Personnel administration”.

A risk scenario is a potential event that poses a risk to the organization.

A System is a data processing or data storing entity that the business accesses directly. A system may be a physical storing unit, a business application, or a file share either on premise or in the cloud. However, a system is typically not a database or a network component as these are not accessed directly by the business.