
Risk Assessment

The document outlines a risk assessment framework categorized by impact areas including IT/Technology, Regulatory/Legal, and Security/Human Resources. It assigns ratings of High, Medium, and Low based on financial impacts, compliance failures, media coverage, and human resource implications. Each rating level details specific consequences and scenarios that could arise from various incidents.

Uploaded by

Tariq Hameed

AREA OF IMPACT

RATING: HIGH (3)

FINANCIAL
- Financial impact greater than Rs.1,000,000.

IT / TECHNOLOGY RELATED
- Loss of systems leading to severe or ongoing business disruption > 1 day.
- Management information used in key decision-making is:
  - misleading or excessive, or
  - not available for >3 weeks.
- Major IT security breach or computer program processing error affecting >10% of customers or suppliers as well as operations monitoring systems.

REGULATORY / LEGAL / REPORTING COMPLIANCE
- Serious failure to comply with legal or regulatory requirements that may result in significant fines/penalties.
- Significant breach of code of ethics or accepted industry practices.
- Breach of code of ethics or accepted industry practices.

MARKET / REPUTATION
- Embarrassment for Government/Public Inquiry.
- Results in sustained adverse media coverage at a State/National level.
- Adverse questions by government officials.
- Government involvement necessitated.
- Sustained, adverse client/stakeholder comments or complaints.
- Significant adverse media coverage.
- Board involvement necessitated.

SECURITY / HUMAN RESOURCES / H&S
- Unexpected/unplanned loss of several key executive team members / GMs / CEO.
- Death / serious injury to a staff member / member of the public.
- Consequences which may lead to cancellation of ISO certification.
- Unexpected/unplanned loss of a key senior executive team member considered to be a key dependency.
- Serious injury to staff / Dangerous near miss.
- Consequences which may lead to temporary suspension or delay in renewing ISO/OHSAS certification.
- Non-compliance with approved PIEDMC security plan.

RATING: MEDIUM (2)

FINANCIAL
- Financial impact greater than or equal to Rs.500,000 but less than Rs.1,000,000.

IT / TECHNOLOGY RELATED
- Loss of systems leading to severe or ongoing business disruption > 1 hour.
- Management information being used for reporting is:
  - poorly presented, or
  - not available for <1 week.
- Major IT security breach or computer program processing error affecting <5% of customers / suppliers.

REGULATORY / LEGAL / REPORTING COMPLIANCE
- Failure to comply with legal or regulatory requirements in non-serious and isolated cases.
- Little or no impact to code of ethics or accepted industry practices.

MARKET / REPUTATION
- Adverse media coverage.
- CEO and/or Senior Management involvement necessitated.
- Terminal facility users concern.

SECURITY / HUMAN RESOURCES / H&S
- Unexpected/unplanned loss of a staff member considered to be a key dependency.
- Minor injury but no lost time.

RATING: LOW (1)

FINANCIAL
- Financial impact greater than or equal to Rs.500,000 but less than Rs.100,000.

IT / TECHNOLOGY RELATED
- Not applicable

REGULATORY / LEGAL / REPORTING COMPLIANCE
- Not applicable

MARKET / REPUTATION
- Limited adverse media coverage.
- Resolved in a day to day management.

SECURITY / HUMAN RESOURCES / H&S
- Unexplained/unplanned loss of a senior staff member.
- Minor injury but no lost time.
- Minor injury of member of the public.
- Unexpected/unplanned loss of a single staff member
