An activity is an action that occurs in your organization, where processing of information takes place. An activity is always related to an overlying process.
A process is the highest level of a documented business process where information is collected and processed. Examples of processes in HR could be “Recruitment” or “Personnel administration”.
A System is a data processing or data storing entity that the business accesses directly. A system may be a physical storing unit, a business application, or a file share either on premise or in the cloud. However, a system is typically not a database or a network component as these are not accessed directly by the business.
A risk scenario is a potential event that poses a risk to the organization.
A generic control is a description of a control that can be performed in your organization. Generic controls can be scheduled and performed as control tasks through the Project management module.
A contract may be the registration of the existence of any agreement signed with a third party such as a Service agreement, Data processor agreement, partnership agreement, System hosting agreement etc.