An  Agent is an Operating Asset which is able to participate actively to Behaviors, to produce and react to Outcome Events.

1.  Agents participate to Action Processes (Active Participant) and/or conduct Action Processes (Performed Process).

2.  Agents participate to Interaction Process (Scenario Participant) describing how they interact with other  Agents.

These actions and interactions define  Agents boundaries described by Service Interfaces.

An  Assurance Case is a claim that a particular enterprise asset or group of Functional Asset adequately mitigates certain identified Risk Types by means of appropriated Control Measures.

An  Assurance Case shall provide confidence that the concerned assets will function as intended in their environment of use.

Privacy Processing Activity(ies), Data Lineages are examples of  Assurance Cases .

An  Assurance Instrument is a resource or course of actions used by an Assurance System to achieve its objectives.

For instance:

Actions plans are course of actions aimed at solving incidents.

Data Controls are mechanisms used to ensure data quality and data integrity

Privacy Representatives are used to identify national entities in charge of privacy.

An  Assurance System is a Management System aimed at ensuring enterprise compliance, resilience, and risk mitigation against both internal and external Policys and threats. It encompasses processes, Directives and technologies that work in concert to validate enterprise adherence to policy requirements, industry standards, and internal policies while simultaneously bolstering the enterprise's ability to withstand and adapt to various challenges and disruptions.
ensuring enterprise compliance and resilience against internal and external constraints:

a. Regulation constraints: they defined what is allowed and not allowed by the law (See  Regulation Article).

b. Internal policies and rules constraints: they defined what is allowed and not allowed by the enterprise (see Business Policy).

c. Operational constraints: they maintain operational capacities of the company (maintain ability to produce, maintain quality, ensure product development , ability to hire, to train, etc, see Business Rule).

d. Architectural constraints: they guide design decisions and shape the overall structure of a system (see  Architecture principle).

A  Behavior is an Operating Asset that describes any action or reaction of an Agent to external or internal Behavioral Events.  Behaviors include Action Processes (action), Interaction Processs (stories) or interactions (Service Interface).

The course of actions of a  Behavior is constrained ( Rule Enforcement) by the application of Behavioral Rules that define what is allowed and not allowed to do.

 Functional Assets encompasse all Asset Types used to describe why and how systems operate/function. This includes the Operating Eco-System where system operates to fulfill these purposes (Agents and their  Behaviors).

 Functional Assets include:

1. Blocks defining results of Behaviors of the enterprise or its sub-systems, that benefit to it internal or external customers : Outcome Event,

2. Blocks used to describe information: Information Asset.

3. Blocks used to describe how the enterprise operates: Operating Assets (Agent, Behavior, Service Interface).

All  Functional Assets are constrained by Policys and are exposed to Risk Types.

An  Information Asset  represents anything that can be communicated or memorized by an Agent to produce and react to Outcome Events.

An  Information Asset is either an Information Entity or an  Information Property.
The difference lies in their relationship to change and to time. Information Entity(ies) can change over time and have a lifeycle while  Information Propertys are immutable characteristics.

A  Policy is a Directive that is not directly enforceable whose purpose is to govern, guide or constrain the structure and Behavior of Agents in the enterprise.

Policies provide the basis for rules and govern Behaviors carried out by Agents.

Example of Policys are Regulation Articles, Business Policys or Architecture principles.

A  Risk Type is a distinct category or classification of risk based on its origin, nature, or potential impact. It helps in organizing and addressing different sources of uncertainty or potential harm that an individual, organization, or system might face. By categorizing risks into different types, entities can develop more targeted mitigation strategies and response plans.

Common risk types include Operational Risk Type, Privacy Risk Type, and Compliance Risk Type, among others,

 Architecture principles are general guidelines (Policy) that serve as constraints that guide design decisions and shape the overall structure of a system. They:

- Establish boundaries for design choices.

- Ensure consistency across the system

- Promote desired qualities (Condition Property: e.g., scalability, maintainability)

- Align architecture with business goals and requirements

 Architecture principles act as guardrails, helping architects make informed decisions while limiting options to those that best serve systems' efficiency and robustness.

A  Control Directive is a kind of Policy that provides recommendations on how to comply with Regulation Articles.

Once implemented,  Control Directives enforces any  Regulatory Framework your enterprise has to comply with.

A  Location is a geopolitical location anywhere on the earth.

Examples:

- France

- Paris

- Washington DC

- Cairo

- Buenos-Aires

- Asia

A  Policy Framework is a set of Policy Assets, defined in laws published by governements or in policy frameworks defined by the enterprise.

Both Business Policy Frameworks and Regulatory Frameworks are Policy Framework(ies).

Compulsory Policy, define by law, that is not directly enforceable whose purpose is guide enterprise activities.

 Regulation Articles are classified by Regulation section in the context of a Regulatory Framework.

A  Regulation section is a classification of  Regulation Articles.

 Regulation sections can be themselves organized as a classification hierarchy.