CRISC - Certified in Risk and Information Systems Control term definition - Part 45

IT Governance Basic

Reciprocal agreement

Emergency processing agreement between two or more enterprises with similar equipment or applications.

Record

A collection of related information that is treated as a unit.

Record, screen and report layouts

Record layouts provide information regarding the type of record, its size and the type of data contained in the record. Screen and report layouts describe what information is provided and necessary for input.

Recovery action

Execution of a response or task according to a written procedure.

Recovery point objective (RPO)

Determined based on the acceptable data loss in case of a disruption of operations. It indicates the earliest point in time that is acceptable to recover the data. The RPO effectively quantifies the permissible amount of data loss in case of interruption.

Recovery strategy

An approach by an enterprise that will ensure its recovery and continuity in the face of a disaster or other major outage.

Recovery testing

A test to check the system’s ability to recover after a software or hardware failure.

Recovery time objective (RTO)

The amount of time allowed for the recovery of a business function or resource after a disaster occurs

Redo logs

Files maintained by a system, primarily a database management system (DBMS), for the purpose of reapplying changes following an error or outage recovery.

Redundancy check

Detects transmission errors by appending calculated bits onto the end of each segment of data.

Redundant Array of Inexpensive Disks (RAID)

Provides performance improvements and fault-tolerant capabilities via hardware or software solutions, by writing to a series of multiple disks to improve performance and/or save large files simultaneously.

Redundant site

A recovery strategy involving the duplication of key IT components, including data or other key business processes, whereby fast recovery can take place.

Reengineering

A process involving the extraction of components from existing systems and restructuring these components to develop new systems or to enhance the efficiency of existing systems. Registration authority (RA). The individual institution that validates an entity's proof of identity and ownership of a key pair.

Regression testing

A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase.

Relational database management system (RDBMS)

The general purpose of a database is to store and retrieve related information.

Relevant audit evidence

Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.

Reliable audit evidence

Audit evidence is reliable if, in the IS auditor's opinion, it is valid, factual, objective and supportable.

Remote access service (RAS)

Refers to any combination of hardware and software to enable the remote access to tools or information that typically reside on a network of IT devices.

Remote Authentication Dial-in User Service (RADIUS)

A type of service providing an authentication and accounting system often used for dial-up and remote access security.

Remote job entry (RJE)

The transmission of job control language (JCL) and batches of transactions from a remote terminal location.