Create New Operational vulnerability form

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read

    • On the Create New Operational vulnerability form, fill in the fields.

    Table 1. Create New Operational vulnerability form
    Field Description
    Number Number of the vulnerability. This field is automatically set.
    Name Name of the vulnerability. For example, Environmental vulnerability.
    Description Description of the vulnerability.
    State Workflow state of the vulnerability. This field is automatically set to New.
    Type Nature or type of the vulnerability. This field is automatically set to Vulnerability Type.
    Severity Severity of the vulnerability. The choices are as follows:
    • Low
    • Medium
    • High
    • Critical
    Sub-type Sub type of vulnerability. For example, Documentation Loss.
    Priority Priority of the vulnerability. The choices are as follows:
    • 1 - Critical
    • 2- High
    • 3 - Moderate
    • 4 - Low
    • 5 - Planning
    • None
    Note:
    The default value in this field is set to Planning.
    Primary entity Entity impacted by the case. Only the entities identified in the impacted areas are available for selection as the primary entity.
    Entity owner User who is the owner of the entity. This field is automatically set based on the entity selected in the Impacted areas related list.
    Personal information
    Contains personal information Field to decide if the breach contains personal information. The choices are as follows:
    • To be decided: Select this option if you’re not sure if the breach has personal information.
    • Yes: Select this option if the breach has personal information.
    • No: Select this option if the breach doesn’t have personal information.
    Number of impacted individuals Number of people impacted by the case.
    Categories of data subjects/individuals impacted Define who is impacted by the case. The choices are as follows:
    • Customers
    • Employees
    Assignment
    Requester Person who reported the vulnerability.
    Assignment group Group assigned to the case.
    Note:
    The assignment group is preconfigured to the case type during configuration setup.
    Approvers Approvers of the vulnerability.
    Requested on behalf of Name of the person on whose behalf you’ve created the vulnerability.
    Analyst Analyst who will analyze and work on the vulnerability. The analyst is a part of the Assignment group.
    Watch list People who must be aware of the vulnerability.
    Primary origin
    Location Location where the vulnerability occurred. For example, the location is Japan.
    Impacted business unit Business unit that is impacted by the breach.
    Sub-location Sub-location of the vulnerability occurrence. For example, the sub location is Tokyo.
    Source Source of the vulnerability creation. This field is automatically set to Manual when the operational vulnerability is manually created. If the operational vulnerability is reported from the Employee Center, the field displays the source as Employee Center. The Operational Resilience manager can update the source or add the new source to the related area.
    Impacted department Department impacted by the vulnerability. The choices are as follows:
    • Finance
    • HR
    • IT
    • Marketing
    • Sales
    Source table Source table from where the vulnerability is created.
    Source record Source record of source object from where the vulnerability is created. For example, if the vulnerability is reported from risk events, then this field displays the name of the risk event from which the vulnerability is reported.
    Schedule
    Date of occurrence Date that the vulnerability occurred on. For example, the vulnerability may have occurred on 18-02-2024.
    Date of discovery Date that the vulnerability is discovered by you. For example, the vulnerability may have occurred on 18-02-2024, but is discovered by the user only on 12-03-2024.
    Due date Date that the vulnerability is due on.
    Closed date Date that the vulnerability is closed on.
    Reported date Date that the vulnerability gets reported on.
    Assessment start date Start date for the assessment or date that the vulnerability was analyzed on.
    Pending approval start date Date that the vulnerability was resolved on.
    Approved date Post case review date of the vulnerability.
    Findings
    Treatment Decision made for the treatment. The choices are as follows:
    • Accept
    • Avoid
    • Mitigate
    • Transfer
    • None
    Root cause analysis
    Root cause Primary cause of the vulnerability occurrence.
    Activity
    Work notes (Private) Notes or information regarding the vulnerability.
    Comments (Customer visible) Additional information regarding the vulnerability for the customers.
    Email Option to compose an email about the vulnerability to the stakeholders.
    Attachments Option to attach the PDF of the vulnerability.
    Action tasks Action tasks associated with the vulnerability.
    Primary origin Primary origin of the vulnerability.
    Impacted areas Impacted areas related to the vulnerability.
    Issues Issues related to the vulnerability.
    Approvers Approvers of the vulnerability.