| 1 Definition | 2 Functional Requirements | 3 Syntax |
| 4 Semantics | 5 Conformance Testing | 6 Performance Assessment |
1 Definition
A table composed of two rows for the risks and four columns for the characteristics. Table 1 gives the four characteristics for the Vertical Risks considered.
2 Functional Requirements
3 Syntax
https://schemas.mpai.community/CUI1/V2.0/data/SecondaryRiskMatrix.json
4 Semantics
| Label | Size | Description |
| Header | N1 Bytes | Space-Time Header |
| – Standard-Object | 9 Bytes | The characters “CUI-SRM-V” |
| – Version | N2 Bytes | Major version – 1 or 2 characters |
| – Dot-separator | 1 Byte | The character “.” |
| – Subversion | N3 Bytes | Minor version – 1 or 2 characters |
| MInstance | N4 Bytes | Identifier of Virtual Space. |
| N5 Bytes | ||
| N6 Bytes | ||
| N7 Bytes | ||
| DescrMetadata | N8 Bytes | Descriptive Metadata |
Risk Matrix: a table composed of two rows for the risks and four columns for the characteristics. Table 1 gives the four characteristics, defined by [6] for the Vertical Risks considered. Each risk has four characteristics as indicated in Table 1.
Table 1 – Risk characteristics
| N. | Characteristic | Data type |
| 1 | Occurrence | Real |
| 2 | Business Impact | Real |
| 3 | Gravity | Real |
| 4 | Risk retention | Percentage (%) |
- Occurrence: The likelihood of the risk happening [6] measured with three possible outcomes:
| Low | 1 | the risk may occur only in exceptional circumstances or is unlikely to occur. |
| Medium | 2 | the risk may occur at some time. |
| High | 3 | the risk is expected to occur. |
- Business Impact: consequences of a risk event [6]. It can take three values:
| Minor | 1 | Relatively minor changes in the company processes, and/or products and services. |
| Moderate | 2 | Some minor changes in the company processes and/or products and services. |
| Major | 3 | Company processes and/or products and services are altered significantly. |
- Gravity: impact on the ability of the company to deliver compliant products to the customer; to the internal efficiency; to damage to people, the environment, or property measured in terms of the estimated time needed to restore normal business activities. It can take five values:
| Irrelevant | 1 | The risk has no impact on the ability to deliver compliant products to the customer; no loss of internal efficiency; no damage to people, environment, or property. The estimated recovery time is from 1 to 8 hours. |
| Not very relevant | 2 | The risk has minor impacts on the ability to deliver compliant products to the customer; marginal loss of internal efficiency; no damage to people, environment, or property. The estimated recovery time is from 2 to 5 days. |
| Relevant | 3 | May result in significant sensitive consequences on product conformity or on-time delivery; may lead to a substantial loss of internal efficiency (massive rework or 100% selections); no damage to people and the environment but possible major damage to property. The estimated recovery time is from 3 to 10 days. |
| Very relevant | 4 | Can have very important consequences on the conformity of the products or the impossibility of their delivery; no damage to persons, any marginal damage to the environment or major property damage. The estimated recovery time is from 4 to 14 days. |
| Serious | 5 | The occurrence of the risk has very important consequences on the conformity of products or the impossibility of delivery; involves damage to people, the environment or damage important damage to property. The estimated recovery time is greater than 15 days. |
- Risk Retention portion of the risk that the Company decides to retain (percentage) [6].
5 Conformance Testing
A Data instance Conforms with Secondary Risk Matrix (CUI-XYZ) V2.0 if:
- The Data validates against the Secondary Risk Matrix’s JSON Schema.
- All Data in the Secondary Risk Matrix’s JSON Schema
- Have the specified type.
- Validate against their JSON Schemas.
- Conform with their Data Qualifiers if present.
