Risk levels

Controlled vocabulary for risk_governance.level values that capture failure impact and control expectations.

Source fields

• risk_governance.level

Usage notes

• Risk level should reflect plausible failure impact in the intended workflow, not only average-case behavior.
• Raise the level when privacy, regulatory exposure, irreversible actions, or large downstream effects are present.
• Risk level and autonomy level should be chosen together so control expectations remain coherent.

Terms

Low

• Stable id: low
• Summary: Failures are usually reversible, localized, and inexpensive to detect and correct.
• Definition: Use for workflows where mistakes create limited inconvenience or rework and do not materially affect regulated outcomes, finances, safety, or trust.
• Selection guidance: Choose this when lightweight review and basic logging are usually sufficient because impacts are small and recovery is straightforward.
• Related ids: moderate
• Used by patterns:
• Workflow hand-off and completion
• Change-triggered context briefing
• Shared workbench orchestration
• Claimed state verification
• Explainable watchlist maintenance
• Adaptive review sampling-rate tuning
• Adaptive threshold calibration
• Calendar conflict coordination
• Control requirement attestation recommendation
• Normalization and enrichment

Moderate

• Stable id: moderate
• Summary: Failures can create material rework, customer impact, or localized policy issues, but harm is still usually containable.
• Definition: Use for workflows where mistakes may affect service quality, internal controls, or team productivity and require deliberate correction before they spread.
• Selection guidance: Choose this when stronger validation, clearer ownership, and routine audit trails are needed, even though failures are not generally existential.
• Related ids: low, high
• Used by patterns:
• Exception-aware task execution
• Research synthesis with citation verification
• Analyst copilot loop
• Authoritative record reconciliation
• Anomaly detection review
• Queue prioritization optimization
• Schedule adjustment and replanning
• Delegated authority option ranking
• Readiness gate disposition recommendation
• Change-triggered representation refresh
• Document to structured data handoff

High

• Stable id: high
• Summary: Failures can cause significant financial, operational, compliance, or customer harm if not tightly controlled.
• Definition: Use for workflows where incorrect recommendations or actions could produce major losses, meaningful regulatory exposure, or difficult-to-reverse downstream effects.
• Selection guidance: Choose this when approvals, segregation of duties, strong evidence capture, or constrained autonomy are expected parts of the operating model.
• Related ids: moderate, critical
• Used by patterns:
• Staged change execution with rollback holds
• Approval-gated briefing release
• Approval packet generation
• Approval-centered collaboration
• Approval-gated collaborative artifact release
• Evidence-gated verification for release
• Incident root cause analysis
• Approval-gated triage dispatch
• Risk alert triage
• Approval-gated optimization-state release
• Governed optimization bundle retuning
• Authoritative change coordination refresh
• Approval-gated recommendation release
• Deal desk recommendation support
• Policy-constrained escalation routing
• Approval-gated transformation release
• Batch content transformation

Critical

• Stable id: critical
• Summary: Failures can create severe or systemic harm, including major legal, safety, fiduciary, or enterprise-wide consequences.
• Definition: Use for workflows where errors could trigger substantial regulatory breach, major financial exposure, unsafe outcomes, or widespread irreversible damage.
• Selection guidance: Choose this only when the workflow demands the highest control posture, with rigorous approvals, complete auditability, and very limited tolerance for autonomous action.
• Related ids: high
• Used by patterns:
• Browser-based form completion with approval gates
• Human-directed task orchestration
• Crisis briefing evidence synthesis
• Critical protected artifact collaboration
• Critical authoritative state restoration
• Critical signal corroboration triage
• Critical protected-priority adaptation
• Contingency plan activation gate
• Critical command-window resequencing
• Critical escalation authority recommendation
• Critical channel-safe state packaging

Canonical source

• data/vocabularies/risk-levels.yaml