Integrations Inventory and Attributes - Risk attributes for the Integrations Inventory

Integrations Inventory and Attributes

Risk attributes for the Integrations Inventory

Risk attributes capture the known risk profile of each Integration — the likelihood and impact of failure, data compromise, or compliance breach.

Attribute Name	Maturity	Description and Notes
Assessed Risk	Crawl	Description — The overall risk rating for this integration — the combined assessment of likelihood and impact of integration failure, data loss, or security compromise. Benefit(s) — Surfaces high-risk integrations for priority governance attention. The combination of Assessed Risk, Business Criticality, and Data Sensitivities produces the integration risk profile that drives monitoring investment, remediation prioritization, and change management controls. Source — Manual. Examples — Very High, High, Medium, Low, Very Low Notes — Valid values: Very High \| High \| Medium \| Low \| Very Low. Risk considerations: no retry logic, no middleware governance, undocumented schema, single maintainer, sensitive data with no encryption, approaching API version EOL, point-to-point with no monitoring. Assessed annually.
Key Risk Factors [Multi-Value]	Walk	Description — The specific vulnerabilities or conditions driving the Assessed Risk rating for this integration. Benefit(s) — Translates the overall risk rating into actionable remediation targets. A practitioner who reads the Key Risk Factors knows exactly what to fix. Source — Manual. Examples — Point-to-point with no middleware; No retry logic; Undocumented transformation; Single maintainer (key person dependency); API version approaching EOL; No encryption in transit; No monitoring or alerting; Sensitive data with no data masking Notes — Separate multiple risk factors with semicolons.
Risk Trend	Run	Description — The direction of travel of the risk profile of this integration over the past review period. Benefit(s) — Enables early warning of deteriorating integration risk before it reaches an incident threshold. Source — Manual. Examples — Improving, Stable, Deteriorating

Attribute Name

Maturity

Description and Notes

Assessed Risk

Crawl

Description — The overall risk rating for this integration — the combined assessment of likelihood and impact of integration failure, data loss, or security compromise.

Benefit(s) — Surfaces high-risk integrations for priority governance attention. The combination of Assessed Risk, Business Criticality, and Data Sensitivities produces the integration risk profile that drives monitoring investment, remediation prioritization, and change management controls.

Source — Manual.

Examples — Very High, High, Medium, Low, Very Low

Notes — Valid values: Very High | High | Medium | Low | Very Low. Risk considerations: no retry logic, no middleware governance, undocumented schema, single maintainer, sensitive data with no encryption, approaching API version EOL, point-to-point with no monitoring. Assessed annually.

Key Risk Factors

[Multi-Value]

Walk

Description — The specific vulnerabilities or conditions driving the Assessed Risk rating for this integration.

Benefit(s) — Translates the overall risk rating into actionable remediation targets. A practitioner who reads the Key Risk Factors knows exactly what to fix.

Source — Manual.

Examples — Point-to-point with no middleware; No retry logic; Undocumented transformation; Single maintainer (key person dependency); API version approaching EOL; No encryption in transit; No monitoring or alerting; Sensitive data with no data masking

Notes — Separate multiple risk factors with semicolons.

Risk Trend

Run

Description — The direction of travel of the risk profile of this integration over the past review period.

Benefit(s) — Enables early warning of deteriorating integration risk before it reaches an incident threshold.

Source — Manual.

Examples — Improving, Stable, Deteriorating

Legal Disclaimers