Appendix A: Glossary of Key Terms

| Term | Definition |
|---|---|
| DAO | Decentralised Autonomous Organization – A community-driven governance model. |
| KYC | Know Your Customer – Identity verification processes for regulatory compliance. |
| AML | Anti-Money Laundering – Measures to prevent illicit financial activities. |
| GDPR | General Data Protection Regulation – EU regulation for data privacy. |
| CCPA | California Consumer Privacy Act – US law for consumer data protection. |
| ISO/IEC 27001 | International standard for Information Security Management Systems (ISMS). |
| SOC 2 Type II | A framework for managing data security and privacy based on the Trust Services Criteria. |
| MFA | Multi-Factor Authentication – An added layer of security requiring multiple verification methods. |
| Zero Trust | A security model that assumes no user or device is inherently trustworthy. |
| ISMS | Information Security Management System – A framework for managing sensitive data. |
| RMF | Risk Management Framework – A structured approach for managing security and privacy risks (based on the NIST SP 800 series). |
| NIST | National Institute of Standards and Technology – US agency that publishes cybersecurity and risk management standards. |
| FCA | Financial Conduct Authority – The UK’s financial regulatory body. |
| FIPS 199 | Federal Information Processing Standard for categorising information and information systems. |
| SP 800-30r1 | NIST Special Publication on conducting risk assessments. |
| SP 800-53 | NIST catalog of security and privacy controls. |
| SP 800-160 | NIST guide on systems security engineering. |
| SP 800-53A | NIST guide for assessing security and privacy controls. |
| SP 800-37 | NIST guide for risk management throughout the system lifecycle. |
| SP 800-128/137 | NIST guides for security-focused configuration management and continuous monitoring. |
| AI Governance | Processes ensuring ethical, transparent, and compliant AI system development and use. |
| Tokenisation | Conversion of real estate assets into digital tokens on a blockchain. |
| Pseudonymisation | Replacing personal identifiers with pseudonyms to protect privacy. |
| PII | Personally Identifiable Information. |
| Incident | Any detected occurrence that may compromise security, privacy, or compliance. |
| Incident Response | Procedures for detecting, managing, and resolving security incidents. |
| RealXchange | Xcavate’s community-powered crowdfunding platform for real estate investments. |
| Continuous Monitoring | Ongoing observation of systems to ensure risk management and compliance. |