Glossary

The working vocabulary of institutional infrastructure.

A reference for the regulatory frameworks, infrastructure primitives, and settlement standards that recur across our work. 10 entries, expanded as new questions arrive.

Request a private briefingAll capabilities

About the glossary

Each entry is written for someone making a real decision — procurement, architecture, or compliance — not for someone browsing for definitions.

Entries explain what a term means, why it matters in high-stakes deployments, and how XVICA treats it in practice. We have opinions; we mark them as ours. Where a regulation has shifted, we say so.

01Cluster · regulatory

Regulatory & frameworks

01

FIPS 140-2

What FIPS 140-2 is, what its security levels mean, and how XVICA satisfies FIPS 140-2 obligations in regulated UK, US, and Commonwealth deployments.

02

DORA (Digital Operational Resilience Act)

What DORA requires of EU financial entities, who is in scope, and how XVICA designs operational resilience as a first-class engineering property.

03

SR 11-7

What SR 11-7 requires of US banks for model risk management, who reviews it, and how XVICA builds platforms that satisfy SR 11-7 evidence requirements.

04

DCB0129

What DCB0129 requires of NHS health-IT manufacturers, how it relates to DCB0160, and how XVICA embeds clinical-safety practice in healthcare infrastructure.

05

SOC 2 Type II

What SOC 2 Type II covers, how it differs from Type I, and how XVICA embeds SOC 2 evidence collection as a continuous engineering practice.

06

BCBS 239

What BCBS 239 requires of global systemically important banks, how supervisors assess compliance, and how XVICA designs data platforms that satisfy it.

02Cluster · infra

Infrastructure primitives

01

Event-sourced ledger

What an event-sourced ledger is, why it matters for regulated transaction systems, and how XVICA uses event sourcing in production deployments.

02

Idempotency key

What an idempotency key is, why it is essential in payment and transaction APIs, and how XVICA enforces idempotency end-to-end in regulated systems.

03

Zero-trust architecture

What zero-trust architecture means, how it differs from perimeter security, and how XVICA implements zero-trust foundations for regulated institutions.

03Cluster · settlement

Settlement & messaging

01

ISO 20022

What ISO 20022 is, why payment systems are migrating to it, and how XVICA designs ISO 20022-native infrastructure for banks and payment firms.

A precise vocabulary is an engineering tool.

Discuss a specific platform, regulation, or architectural decision with our team.

Request a private briefing