Cyber Operational Risk Reporting Standards
Standard - February 2026
Setting the standards for reporting cyber events across the financial sector
ORX leads the way in setting the reporting standards by which the financial services industry views operational risk events. By bringing together a wealth of knowledge and experience from our global community of members and subscribers, we are able to produce high-quality operational risk reporting standards for cyber-specific events.
Our standards ensure subscribers to ORX Cyber receive data of a comparable standard and in an agreed format.
About the standards
The ORX Cyber Operational Risk Reporting Standards (C-ORRS) set out the standards you will use to report your cyber events to ORX. The definitions and principles are designed to help you with the consistency of reporting and data categorisation.
Contained within the standards are:
- Definitions, descriptions, examples and reporting requirements
- Detailed data categories such as cyber event types, threat actors, attack typologies, controls failed, etc.
- Reporting requirements for exposure indicators
In addition to the full C-ORRS PDF reference document, we provide an ORX Cyber Data Dictionary in Excel format. The data dictionary provides easy-to-use reference tables enabling quick lookup of the categories and codes used in the cyber event data exchange, such as controls failed, attack typologies, etc. The data dictionary also provides a summary of the system validation checks that are applied when data is submitted to ORX, such as required formats, mandatory fields, etc.
Looking to access the Cyber Operational Risk Reporting Standards?
The standards are available to firms that subscribe to ORX Cyber
Contacts:
Nikki Truss-West
Research Senior Manager - Cyber, ORX

