| AI Model | The underlying machine learning or generative AI model used by an AI system, such as GPT-4, Claude, Gemini, or self-hosted models. |
| AI System | An internal or third-party AI application, platform, service, or workflow managed within Sprinto. |
| AI System Lifecycle | The governance lifecycle followed by AI systems, including discovery, inventory management, risk assessment, due diligence, monitoring, remediation, and periodic reviews. |
| Compliance Framework | A regulatory or governance standard used to guide AI governance workflows, such as ISO 42001, EU AI Act, or NIST AI RMF. |
| Critical Risk | A high-priority AI risk classification assigned to AI systems requiring additional governance oversight or remediation. |
| Custom Field | An organisation-specific metadata field added to AI systems for governance or operational tracking. |
| Due Diligence | A governance and security review workflow used to assess the compliance and security posture of AI systems or AI vendors. |
| Dynamic Variables | Reusable placeholders used within document request templates, such as {{vendor_name}} or {{internal_business_contact}}. |
| Finding | A governance observation, issue, compliance gap, or security concern identified during AI governance reviews. |
| Geography | The deployment region or data processing location associated with an AI system. |
| Governance Workflow | A structured process used to manage AI systems, governance reviews, risk assessments, due diligence activities, and remediation tracking. |
| Internal AI System | An AI system developed, hosted, or managed internally by the organisation. |
| Monitor | A governance tracking workflow or compliance activity associated with an AI system. |
| Multiuser Field | A custom field type that allows multiple users to be associated with an AI system or governance workflow. |
| PHI | Protected health information associated with individuals. |
| PII | Personally identifiable information that can identify an individual directly or indirectly. |
| Questionnaire | A structured assessment form used during AI governance and due diligence workflows. |
| Remediation Task | An operational or governance action assigned to resolve a finding, risk, or compliance concern. |
| Risk Factor | A scoring criterion used during AI risk assessments. |
| Risk Level | A classification assigned to AI systems based on calculated risk scores. |
| Risk Threshold | A configured score range used to determine the assigned AI risk level. |
| Security Questionnaire | A questionnaire used to assess the security and governance posture of AI vendors or AI systems. |
| Shadow AI | AI tools or services being used within the organisation outside approved governance workflows. |
| Stakeholder | A user, team, or business function associated with an AI system. |
| Third-party AI System | An externally provided AI application, platform, or service used by the organisation. |
| Vendor | An external organisation that provides an AI system or AI-enabled service. |
| Violation | An AI-related policy breach, governance issue, or sensitive data exposure event detected by Sprinto. |
| Violation Severity | The priority classification assigned to a violation. |