Incident scope
Incident scope enables definition of risk location within the organization.
Organization description is detailed in paragraph “Organization", page 697. For further details on the various configuration possibilities of these characteristics, see Incident and Loss Administration.The scope is specified on several component types:
• entities concerned by the incident
An entity can be internal or external to the enterprise: an entity represents an organizational element of enterprise structure such as a management, department, or job function. It is defined at a level depending on the degree of detail to be provided on the organization (see org-unit type). Example: financial management, sales management, marketing department, account manager. An external entity represents an organization that exchanges flows with the enterprise, Example: customer, supplier, government office.• business lines concerned by the incident
A business line is a high level classification of main enterprise activities. It corresponds for example to major product segments or to distribution channels. It enables classification of enterprise processes, organizational units or applications that serve a specific product and/or specific market. Regulation frameworks of certain industries impose their own business lines.• risk typesto be associated with the incident
A risk type defines a risk typology standardized within the context of an organization.• business processes andorganizational processes concerned by the incident
A business process represents a system that offers products or services to an internal or external client of the company or organization. At the higher levels, a business process represents a structure and a categorization of the business. It can be broken down into other processes. The link with organizational processes will describe the real implementation of the business process in the organization. A business process can also be detailed by a functional view.An organizational process describes how to implement all or part of the process required to make a product or handle a flow.• products impacted by the incident
A product represents commodities offered for sale, either goods or merchandise produced as the result of manufacturing, or a service, ie. work done by one person or group that benefits another.• applications impacted by the incident
An application is a set of software tools coherent from a software development viewpoint.• requirements expected related to incident management
A requirement is a need or expectation explicitly expressed, imposed as a constraint to be met within the context of a project. This project can be a certification project or an organizational project or an information system project.