Organization

 

The following required table details the validation rules for Organization fields related to risk of cyber attack.

 

Please note that most fields are optional.

Mandatory fields are highlighted.

 

| Field | Description | Validation Rules | Default Value | Data Type | Mandatory/Optional | Common Core |
|---|---|---|---|---|---|---|
| Organization Name | Organization name | Can contain up to 255 characters | N/A | String | Mandatory | Yes |
| Organization SID | Unique, product-assigned organization identifier | Must be unique. | N/A | Integer | Mandatory | |
| Contract SID | Unique, product-assigned contract identifier | | N/A | Integer | Mandatory | |
| Organization ID | Unique organization identifier | Must be unique across Organization portfolio(s); cannot begin with a space; cannot contain a semicolon or a colon; can contain up to 100 characters | | String | Optional | |
| Revenue | Most recent annual revenue | | N/A | Float | Mandatory | Yes |
| Revenue Currency Code | Code for local currency. Currency indicated for this field is the currency to be used for all monetary fields associated with this Organization ID. | 3-letter currency code must come from this list: Currency Codes | N/A | String | Mandatory | |
| Industry Code | NAICS industry code | 2-6 digit industry code must come from this list: NAICS Industry Codes | N/A | Int | Mandatory | Yes |
| Telephone Number | Telephone number of Organization headquarters | Can contain up to 25 characters | | String | Optional | |
| Address | Number and street name of Organization headquarters | Can contain up to 255 characters | | String | Optional | |
| Geography SID | Unique, product-assigned identifier | | | Integer | Optional | |
| Country Code | Code for the country in which the organization is located | 2 or 3 letter code must come from this list: Country Codes. May also use the code "ZZ" to indicate unknown country or territory | | String | Optional | Yes |
| Country Name | Name of the country in which the organization is located | | | String | Optional | |
| Cresta Code | Code for the CRESTA zone in which this location is located. When entering CRESTA codes, aggregate locations to use one location record (with the appropriate number of risks) for each unique combination of CRESTA, construction, occupancy, etc. Whenever possible, avoid having one location for each risk in a CRESTA zone. The Catastrophe Risk Evaluating and Standardizing Target Accumulations organization is an independent body for the technical management of natural hazard coverage. See www.cresta.org for more information about this organization. For lists of the CRESTA codes for each supported country, see CRESTA and Area Codes in the Exposure Data Validation Reference. | Can contain up to 15 characters | | String | Optional | |
| CRESTA Name | Name of the CRESTA zone in which this location is located | Can contain up to 255 characters | | String | Optional | |
| Area Code | Code for the area (state) in which this location is located. For lists of the area codes for each supported country, see CRESTA and Area Codes in the Exposure Data Validation Reference. | Can contain up to 15 characters | | String | Optional | |
| Area Name | Name of the area (state) | Can contain up to 255 characters | | String | Optional | |
| Subarea Code | Code for the subarea in which this location is located | Can contain up to 15 characters | | String | Optional | |
| Subarea Name | Name of the subarea in which this location is located | Can contain up to 255 characters | | String | Optional | |
| Postal Code | Postal code of the postal area in which this location is located | Can contain up to 15 characters | | String | Optional | |
| Postal Name | Name of the postal area in which this location is located | Can contain up to 255 characters | | String | Optional | |
| Subarea 2 Code | Code for sub area in which this location is located (for use with Japan, Mexico, and New Zealand) | Can contain up to 15 characters | | String | Optional | |
| Subarea 2 Name | Name of the sub area in which this location is located (for use with Japan, Mexico, and New Zealand) | Can contain up to 255 characters | | String | Optional | |
| Revenue by Internet | Percentage of revenue that comes from the Internet | Number between 0 and 100 | | Float | Optional | |
| Domain Name | Registered domain name/names for the Organization | Can contain up to 100 characters | | String | Optional | |
| Internet Protocol(IP) range | Range of IP addresses licensed by the Organization | Can contain up to 1000 characters | | String | Optional | |
| Physical Locations | Number of physical locations in which the Organization is located | Can contain up to 100 characters | | Integer | Optional | |
| Founding Year | Year in which the Organization was founded | 4-digit integer (YYYY) | | Small Integer | Optional | |
| Employee Count | Number of employees in the Organization | Can contain up to 100 characters | | Integer | Optional | Yes |
| Ownership Type | Type of Organization ownership (LLC, SC, etc.) | Must be one of the following values: Unknown, LP, LLP, LC, LLC, Corp, Inc, SP, SA, Ltd, Other | Unknown | String | Optional | |
| CISO Indicator | Indicates whether the Organization has a Chief Information Security Officer | Must be one of the following values: Unknown, No, Yes | Unknown | String | Optional | |
| CPO Indicator | Indicates whether the Organization has a Chief Privacy Officer | Must be one of the following values: Unknown, No, Yes | Unknown | String | Optional | |
| CDO Officer Indicator | Indicates whether the Organization has a Chief Digital Officer | Must be one of the following values: Unknown, No, Yes | Unknown | String | Optional | |
| ISO 27001 Indicator | Indicates whether Organization is ISO-27001 certified/compliant. An Organization can be partly certified based on its Statement Of Applicability (SOA). | Must be one of the following values: Unknown, No, Yes, Partly | Unknown | String | Optional | |
| NIST 800-53 Indicator | Indicates whether Organization is NIST-800-53 certified/compliant. | Must be one of the following values: Unknown, No, Yes | Unknown | String | Optional | |
| Cyber Essentials Indicator | Indicates whether the Organization meets the Cyber Essentials standard, which is a standard in the UK | Must be one of the following values: Unknown, No, Yes, Plus | Unknown | String | Optional | |
| SSAE 16 SOC-1/SOC-2/SOC-3 Attestations Indicator | Indicates whether the Organization has annual SOC-1/SOC-2/SOC-3 attestations | Must be one of the following values: Unknown, No, Yes | Unknown | String | Optional | |
| PCI Data Security Standards Indicator | Indicates whether the Organization meets the PCI Data Security Standards | Must be one of the following values: Unknown, No, Level 1, Level 2, Level 3, Level 4 | Unknown | String | Optional | |
| Business Recovery Score | Score based on the quality of the Business Recovery plan. See the Quality Score Rubric to determine a score. Select 'Excellent' score if you chose 'Yes' for ISO 27001 (and/or) NIST 800-53 Indicators. | Must be one of the following values: Unknown, None, Poor, Below Average, Average, Above Average, Excellent, Other | Unknown | String | Optional | |
| Network Intrusion Recovery Score | Score based on the quality of the Network Intrusion Recovery plan. See the Quality Score Rubric to determine a score. Select 'Excellent' score if you chose 'Yes' for NIST 800-53 Indicator. | Must be one of the following values: Unknown, None, Poor, Below Average, Average, Above Average, Excellent, Other | Unknown | String | Optional | |
| Security Policy Score | Score based on the quality of the security policy. See the Quality Score Rubric to determine a score. Select 'Excellent' score if you chose 'Yes' for ISO 27001 (and/or) NIST 800-53 (and/or) Cyber Essentials Indicators. | Must be one of the following values: Unknown, None, Poor, Below Average, Average, Above Average, Excellent, Other | Unknown | String | Optional | |
| Vendor Security Policy Score | Score based on the quality of the vendor security policy. See the Quality Score Rubric to determine a score. | Must be one of the following values: Unknown, None, Poor, Below Average, Average, Above Average, Excellent, Other | Unknown | String | Optional | |
| Privacy Policy Score | Score based on the quality of the privacy policy. See the Quality Score Rubric to determine a score. | Must be one of the following values: Unknown, None, Poor, Below Average, Average, Above Average, Excellent, Other | Unknown | String | Optional | |
| Organization Quality Score | Subjective, insurer-assigned score based on the quality of the Organization (not to be used in modelling) | Must be one of the following values: Unknown, None, Poor, Below Average, Average, Above Average, Excellent, Other | Unknown | String | Optional | |
| IT Maturity Score | Subjective, insurer-assigned score. See the Quality Score Rubric to determine a score. | Must be one of the following values: Unknown, None, Poor, Below Average, Average, Above Average, Excellent, Other | Unknown | String | Optional | |
| Five Year Breach Count | Number of breach incidents that have occurred in the past five years | Must be greater than or equal to 0. | | Integer | Optional | |
| Breach History | Describes the Organization's past cyber breaches, if any. Please use the VERIS string if possible: http://veriscommunity.net/schema-docs.html | Can contain up to 10000 characters | | String | Optional | |
| Mergers/Acquisitions | Indicates whether the Organization has integrated any IT systems as a result of any mergers/acquisitions in the last three years | Must be one of the following values: Unknown, No, Yes | Unknown | String | Optional | |
| Cyber Security Management | Indicates whether the Organization's cyber security is managed internally or by a third party | Must be one of the following values: Unknown, Internal, Third party | Unknown | String | Optional | |
| Network Segmentation | Indicates whether the Organization's network is segmented into subnetworks | Must be one of the following values: Unknown, No, Yes | Unknown | String | Optional | |
| User Defined 1 | User defined field #1 | May be alphanumeric and may include hyphens and underscores. Can contain up to 60 characters | | String | Optional | |
| User Defined 2 | User defined field #2 | May be alphanumeric and may include hyphens and underscores. Can contain up to 60 characters | | String | Optional | |
| User Defined 3 | User defined field #3 | May be alphanumeric and may include hyphens and underscores. Can contain up to 60 characters | | String | Optional | |
| User Defined 4 | User defined field #4 | May be alphanumeric and may include hyphens and underscores. Can contain up to 60 characters | | String | Optional | |
| User Defined 5 | User defined field #5 | May be alphanumeric and may include hyphens and underscores. Can contain up to 60 characters | | String | Optional | |
| BitSight® Rating | BitSight Rating. Applies to licensed BitSight clients only. User may not enter a value. The value will be pulled in with BitSight API. | 3 characters. BitSight API will pass correct value to AIR software. | | Integer | Optional | |
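
As an added illustration (not AIR's code), the sketch below applies a subset of the rules above as allow-list checks on one Organization record before import. Using the table's display names as record keys is an assumption, as is reading the User Defined rule as a strict character allow-list. The currency, NAICS and country code lists and the portfolio-wide uniqueness rules are not reproduced on this page and are not checked.

```python
import re

# Rules transcribed from the table above. Keys are the table's display names;
# using them as record keys is an assumption made for this example.
MAX_LEN = {"Organization Name": 255, "Organization ID": 100,
           "Domain Name": 100, "Breach History": 10000}
YES_NO = {"Unknown", "No", "Yes"}
SCORE = {"Unknown", "None", "Poor", "Below Average", "Average",
         "Above Average", "Excellent", "Other"}
ENUMS = {"CISO Indicator": YES_NO, "NIST 800-53 Indicator": YES_NO,
         "Network Segmentation": YES_NO,
         "ISO 27001 Indicator": YES_NO | {"Partly"},
         "Cyber Essentials Indicator": YES_NO | {"Plus"},
         "PCI Data Security Standards Indicator":
             {"Unknown", "No", "Level 1", "Level 2", "Level 3", "Level 4"},
         "Security Policy Score": SCORE}
MANDATORY = ("Organization Name", "Organization SID", "Contract SID",
             "Revenue", "Revenue Currency Code", "Industry Code")
# "May be alphanumeric and may include hyphens and underscores", read here
# (assumption) as an allow-list of characters, up to 60 of them.
USER_DEFINED = re.compile(r"[A-Za-z0-9_-]{0,60}")


def validate(record):
    """Return a list of rule violations for one Organization record (dict)."""
    errors = [f"{f}: mandatory field missing" for f in MANDATORY
              if record.get(f) in (None, "")]
    for field, limit in MAX_LEN.items():
        if len(str(record.get(field, ""))) > limit:
            errors.append(f"{field}: longer than {limit} characters")
    org_id = str(record.get("Organization ID", ""))
    if org_id.startswith(" ") or set(org_id) & {";", ":"}:
        errors.append("Organization ID: leading space, semicolon or colon")
    for field, allowed in ENUMS.items():
        # An omitted indicator or score takes the documented default, Unknown.
        if record.get(field, "Unknown") not in allowed:
            errors.append(f"{field}: not an allowed value")
    pct = record.get("Revenue by Internet")
    if pct is not None and not 0 <= pct <= 100:
        errors.append("Revenue by Internet: must be between 0 and 100")
    if record.get("Five Year Breach Count", 0) < 0:
        errors.append("Five Year Breach Count: must be >= 0")
    for n in range(1, 6):
        if not USER_DEFINED.fullmatch(str(record.get(f"User Defined {n}", ""))):
            errors.append(f"User Defined {n}: bad characters or over 60 long")
    return errors
```
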

 

 

© 2016 AIR Worldwide. All rights reserved.