Skip to main content

Values

IDLabelSort OrderDescription
inherentSafetyDesignInherent Safety Design0Controls that eliminate or reduce hazards through fundamental design choices. Addresses the threat at the architectural level rather than adding protective layers. Preferred approach per ISO/SAE 21434 secure-by-design principles.
protectiveMeasureProtective Measure1Add-on safeguards, guards, or barriers that reduce the likelihood or impact of a threat without changing the fundamental design. Examples: firewalls, encryption, intrusion detection systems.
informationForSafetyInformation for Safety2Warnings, instructions, training materials, or procedural guidance that inform users or operators about residual risks. Last-resort control tier in the safety hierarchy.

Safety Hierarchy

The three values follow the classic IEC/ISO safety control hierarchy, ordered from most to least effective: 
1. Inherent Safety Design  (eliminate the hazard)
       |
       v
2. Protective Measure      (guard against the hazard)
       |
       v
3. Information for Safety   (warn about residual risk)
The sort order (0, 1, 2) reflects this hierarchy. Controls of type inherentSafetyDesign are preferred over protectiveMeasure, which in turn is preferred over informationForSafety.

Field Binding

PropertyValue
Field IDriskControlType
Work Item TyperiskControl
Enum IDriskControlType
Field TypeEnum (multi-select)
The riskControlType field allows multiple values. A single risk control work item can combine multiple types (e.g., both protectiveMeasure and informationForSafety).

Companion Enumeration: controlType

A separate controlType enum provides a simplified three-value classification on the same riskControl work item type:
IDLabelSort Order
designDesign0
protectiveProtective1
informationInformation2
The controlType enum uses shorter labels and maps to the same hierarchy as riskControlType:
controlTyperiskControlType Equivalent
designinherentSafetyDesign
protectiveprotectiveMeasure
informationinformationForSafety

Lucene Queries

type:riskControl AND riskControlType:inherentSafetyDesign
type:riskControl AND riskControlType:protectiveMeasure
type:riskControl AND riskControlType:informationForSafety

Risksheet Usage

Risk controls appear in the Risksheet via the task column, which links TARA Records to riskControl work items using the mitigates link role. The riskControlType field is not directly displayed as a Risksheet column but can be used in:
  • PowerSheet column bindings for filtering or grouping risk controls by type
  • Lucene queries in dashboard KPI cards to count controls by type
  • Coverage analysis to verify that high-severity threats have design-level controls, not just informational ones

Configuration Notes

  • No other or unclassified fallback value exists. All risk control work items should be assigned at least one of the three types.
  • informationForSafety alone is generally insufficient for high-severity threats per ISO/SAE 21434. It should be used in combination with design or protective controls for threats with verdict scores of 3 or higher.
  • The multi-select capability means a single control can be classified as both protective and informational (e.g., an intrusion detection system that also generates operator alerts).
  • When documenting risk retention decisions, the absence of design-level controls should be explicitly justified in the taraClaims field of the associated TARA Record.