Versions Compared

Version Old Version 3 New Version 4
Changes made by

damian.hickey

damian.hickey

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Strategic Response Model Integration

Risk-Related

...

Code Block
{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Risk-Related Triggers Schema",
  "description": "Schema for risk-related triggers in the Strategic Response Model",
  "type": "object",
  "required": ["triggerID", "label", "description", "primaryCategory"],
  "properties": {
    "triggerID": {
      "type": "string",
      "description": "Unique identifier for the trigger"
    },
    "label": {
      "type": "string",
      "description": "Short, human-readable name of the trigger"
    },
    "description": {
      "type": "string",
      "description": "Expanded explanation of the trigger's relevance"
    },
    "primaryCategory": {
      "type": "string",
      "description": "Primary classification of trigger context",
      "enum": ["Risk_Event", "Control_Failure", "Risk_Level_Change", "New_Risk_Identified", "Regulatory_Change", "Risk_Appetite_Change", "Risk_Concentration", "External_Threat", "Vulnerability_Detected"]
    },
    "subCategory": {
      "type": "string",
      "description": "More specific classification within the primary category"
    },
    "riskID": {
      "type": "string",
      "description": "ID of the affected risk, if applicable"
    },
    "controlID": {
      "type": "string",
      "description": "ID of the related control, if applicable"
    },
    "origin": {
      "type": "string",
      "description": "Whether the trigger originates from inside or outside the organisation",
      "enum": ["Internal", "External", "Hybrid", "Risk_Assessment", "Audit_Finding", "Control_Monitoring"]
    },
    "timeHorizon": {
      "type": "string",
      "description": "The temporal nature of the trigger",
      "enum": ["Immediate", "Short_Term", "Medium_Term", "Long_Term", "Emerging_Risk"]
    },
    "impactLevel": {
      "type": "string",
      "description": "The potential significance of the trigger",
      "enum": ["Low", "Medium", "High", "Critical"]
    },
    "detectionMethod": {
      "type": "string",
      "description": "How this trigger was detected",
      "enum": ["Risk_Assessment", "Control_Monitoring", "Incident", "Audit", "External_Intelligence", "Stakeholder_Feedback", "Regulatory_Announcement"]
    },
    "evidenceStrength": {
      "type": "integer",
      "description": "Strength of evidence for this trigger (1-5)",
      "minimum": 1,
      "maximum": 5
    },
    "riskImpact": {
      "type": "object",
      "description": "Impact on risk profile",
      "properties": {
        "impactDescription": {
          "type": "string",
          "description": "Description of risk impact"
        },
        "affectedRiskCategories": {
          "type": "array",
          "description": "Categories of risk affected",
          "items": {
            "type": "string"
          }
        },
        "potentialLoss": {
          "type": "string",
          "description": "Potential financial impact if unaddressed"
        }
      }
    },
    "detectionDate": {
      "type": "string",
      "format": "date",
      "description": "Date when the trigger was identified"
    },
    "validUntil": {
      "type": "string",
      "format": "date",
      "description": "Expected end of relevance for this trigger"
    },
    "sourceReference": {
      "type": "string",
      "description": "Reference to source document or authority identifying the trigger"
    },
    "relatedTriggers": {
      "type": "array",
      "description": "References to other related triggers",
      "items": {
        "type": "string"
      }
    },
    "strategicResponseReferences": {
      "type": "array",
      "description": "References to related Strategic Response artefacts",
      "items": {
        "type": "string"
      }
    }
  }
}

Risk-Related Rationales Schema

Code Block
{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Risk-Related Rationales Schema",
  "description": "Schema for risk-related rationales in the Strategic Response Model",
  "type": "object",
  "required": ["rationaleID", "rationaleTitle", "description", "triggerReference"],
  "properties": {
    "rationaleID": {
      "type": "string",
      "description": "Unique identifier for the rationale"
    },
    "rationaleTitle": {
      "type": "string",
      "description": "Title or summary of the rationale"
    },
    "description": {
      "type": "string",
      "description": "Detailed explanation supporting a strategic response"
    },
    "triggerReference": {
      "type": "string",
      "description": "Primary trigger this rationale responds to"
    },
    "triggerReferences": {
      "type": "array",
      "description": "Optional multiple triggers this rationale addresses",
      "items": {
        "type": "string"
      }
    },
    "riskIDs": {
      "type": "array",
      "description": "Risks this rationale relates to",
      "items": {
        "type": "string"
      }
    },
    "linkedDomains": {
      "type": "array",
      "description": "Business architecture domains influenced or justified by this rationale",
      "items": {
        "type": "string",
        "enum": ["Risk", "Strategy", "Capability", "Product", "Service", "Value_Stream", "Performance", "Information", "Organization", "Initiative", "Customer", "Market", "Finance"]
      }
    },
    "rationaleType": {
      "type": "string",
      "description": "The justification type for this rationale",
      "enum": ["Risk_Prevention", "Risk_Mitigation", "Risk_Transfer", "Risk_Acceptance", "Control_Enhancement", "Response_Planning", "Opportunity_Exploitation", "Compliance_Management"]
    },
    "rationaleOrientation": {
      "type": "string",
      "description": "Whether the rationale is responding to existing conditions or anticipating future conditions",
      "enum": ["Reactive", "Proactive"]
    },
    "riskInsightSource": {
      "type": "string",
      "description": "Source of risk insights supporting this rationale",
      "enum": ["Risk_Assessment", "Incident_Analysis", "Control_Monitoring", "Audit_Finding", "Industry_Intelligence", "Scenario_Analysis", "Expert_Judgment"]
    },
    "anticipatedOutcomes": {
      "type": "array",
      "description": "For proactive rationales, the expected benefits or outcomes",
      "items": {
        "type": "string"
      }
    },
    "alternativesConsidered": {
      "type": "array",
      "description": "Other risk approaches that were evaluated but not selected",
      "items": {
        "type": "object",
        "properties": {
          "alternativeID": {
            "type": "string",
            "description": "Identifier for the alternative"
          },
          "alternativeDescription": {
            "type": "string",
            "description": "Description of the alternative approach"
          },
          "riskImplications": {
            "type": "string",
            "description": "Risk implications of this alternative"
          },
          "reasonForRejection": {
            "type": "string",
            "description": "Why this approach wasn't selected"
          }
        }
      }
    },
    "reasoningPattern": {
      "type": "string",
      "description": "The logical structure of the rationale",
      "enum": ["Risk_Based", "Control_Effectiveness", "Cost_Benefit", "Compliance_Based", "Threat_Assessment", "Vulnerability_Based", "Impact_Analysis"]
    },
    "evidenceBase": {
      "type": "string",
      "description": "The foundation for the rationale",
      "enum": ["Risk_Data", "Control_Testing", "Incident_History", "External_Intelligence", "Compliance_Requirements", "Expert_Opinion", "Quantitative_Analysis"]
    },
    "businessValueType": {
      "type": "string",
      "description": "The nature of value creation or preservation",
      "enum": ["Loss_Prevention", "Damage_Limitation", "Reputation_Protection", "Compliance_Assurance", "Operational_Resilience", "Strategic_Protection", "Opportunity_Enabling"]
    },
    "riskImpactAssessment": {
      "type": "object",
      "description": "Assessment of risk implications",
      "properties": {
        "impactType": {
          "type": "string",
          "description": "Type of risk impact",
          "enum": ["financial", "operational", "strategic", "reputational", "compliance", "multiple"]
        },
        "impactSeverity": {
          "type": "string",
          "description": "Severity of impact if not addressed",
          "enum": ["minimal", "moderate", "significant", "severe", "critical"]
        },
        "impactLikelihood": {
          "type": "string",
          "description": "Likelihood of impact if not addressed",
          "enum": ["very-low", "low", "moderate", "high", "very-high"]
        },
        "confidenceLevel": {
          "type": "integer",
          "description": "Confidence in assessment (1-5)",
          "minimum": 1,
          "maximum": 5
        }
      }
    },
    "dateCreated": {
      "type": "string",
      "format": "date",
      "description": "The date the rationale was first recorded"
    },
    "lastReviewed": {
      "type": "string",
      "format": "date",
      "description": "The most recent date of rationale review"
    },
    "effectivenessRating": {
      "type": "integer",
      "description": "Optional evaluation of rationale effectiveness (1-5)",
      "minimum": 1,
      "maximum": 5
    },
    "author": {
      "type": "string",
      "description": "The person or team who documented the rationale"
    },
    "orgUnitTitle": {
      "type": "string",
      "description": "The organisational unit that owns or authored the rationale"
    },
    "relatedRationales": {
      "type": "array",
      "description": "References to other related rationales",
      "items": {
        "type": "string"
      }
    }
  }
}

...