icasuserguide

2.1. Hierarchical Treeview Model

Caveris ICAS models and tracks Information Security Controls across a business. To facilitate this, Caveris ICAS uses the following hierarchy:

Above: Hierarchical Treeview Model

2.1.1. Controls

A Caveris ICAS Control is the underlying mechanism by which an Activity is enforced. A Control is the object within Caveris ICAS that is tracked (and often executed).

2.1.2. Activities

A Caveris ICAS Activity is the actual activity carried out to deliver a specific function. Adding a User and Removing a Firewall Rule are examples of Activities.

2.1.3. Disciplines

A Caveris ICAS Discipline is a set of Activities grouped into a specific subject area. For example, the Firewall Management Discipline would comprise all the Activities required to manage Firewalls.

2.1.4. Infrastructures

The Infrastructure (or Service) is a grouping of discrete technology environments within the Technology Domain. Within the Corporate Domain there is a Corporate DAC (Disciplines, Activities & Controls) Infrastructure where all non-technology-related Information Security Controls are grouped. Additionally, where the ISO 27001 Regulatory Standard module is licensed, an additional ISMS Infrastructure is used to group all non-Annex A Information Security Controls together.

2.1.5. Domains

The second-level category, used to further group the Organisation. Caveris ICAS comprises 2 Domains: Corporate and Technology. The Corporate Domain is used to group all non-technology-related objects, and the Technology Domain is used to group all technology-related objects.

2.1.6. Organisation

The top-level object; this is typically the Business Name (e.g. ACME Bank).

 