Regulatory and Compliance — Glossary

Terms used in regulatory and compliance advisory: FDA submissions and observations, HIPAA obligations, financial regulatory programs, government contracts compliance, and workplace safety standards.

The FDA and CPSC classify product recalls into three classes based on health risk severity. Class I can kill you. Class II can hurt you. Class III breaks rules.

A working definition of Bank Secrecy Act and anti-money laundering obligations for compliance firm owners advising financial institutions and MSBs.

Breach notification is the legally required disclosure of a data security incident to affected individuals, regulators, and sometimes media, under specific timelines and methods.

CMMC is the Department of Defense's tiered cybersecurity framework for contractors, replacing self-attestation with third-party audit requirements across five levels.

ISO 13485 is the international quality management standard for medical device design, production, and post-market surveillance, required for regulatory access in major markets.

Industrial hygiene is the science of anticipating, recognizing, evaluating, and controlling workplace conditions that cause injury or illness to workers.

Root cause analysis is the systematic method of tracing a failure, loss, or incident to its underlying source, not merely its triggering event.

A 510(k) submission is a premarket notification to FDA demonstrating that a medical device is substantially equivalent to a legally marketed predicate device.

Security clearance levels explained for cleared staffing firms: how Secret, Top Secret, and SCI access work, who adjudicates them, and what they mean for placement.

A tabletop exercise is a structured, discussion-based simulation that tests an organization's crisis response plans without deploying resources or disrupting operations.

A working definition of the Experience Modifier (EMR) for workers' compensation premium audit practitioners and the firm owners who review them.

An FDA 483 observation documents specific conditions during an inspection that may violate the Food, Drug, and Cosmetic Act or related regulations.

An FDA Import Alert is a border enforcement tool that allows FDA to detain shipments without physical examination when a product or manufacturer presents a known compliance risk.

A formal FDA enforcement communication that cites specific violations and demands corrective action, with serious consequences for medical device, pharmaceutical, and food firms.

A systematic review of Form I-9 records to verify compliance with 8 U.S.C. section 1324a and identify substantive or technical violations before ICE inspection.

SOC 2 is an attestation standard for service organizations, built on five trust criteria: security, availability, processing integrity, confidentiality, and privacy.

The Food Safety Modernization Act shifts FDA food regulation from reactive response to preventive controls, with binding rules for domestic and foreign suppliers.
