Annex F
FIRE uses four primary disruption categories, each with subtypes, to classify how a service was disrupted. Multiple types may apply to the same incident. This field is essential from the Intermediate phase.
| Type | Description |
|---|---|
| Availability Loss | |
| Total | Complete loss of service or function — the service is wholly unavailable to users. |
| Partial | Loss of service for some users or some functions, while other users or functions remain accessible. |
| Intermittent | The service alternates between being available and unavailable — users experience repeated outages during the incident window. |
| Degradation | The service remains available but performs at significantly reduced capacity or speed, affecting user experience and operational throughput. |
| Integrity Loss | |
| Manipulation | Data or system outputs have been deliberately altered without authorisation — affecting the accuracy or reliability of information. |
| Corruption | Data or system state has been damaged or made inaccurate, typically through an unintended technical failure rather than deliberate action. |
| Destruction | Data or systems have been intentionally or irreversibly destroyed, rendering them unrecoverable without backup restoration. |
| Confidentiality Loss | |
| Unintended Disclosure | Sensitive or protected information has been shared or made accessible to unauthorised parties inadvertently — without intent to disclose. |
| Unauthorised Acquisition | Sensitive or protected information has been deliberately accessed, copied, or exfiltrated by an unauthorised party. |
| Loss of Trust | |
| Impersonation | The entity, its communications, or its services have been falsely represented by an unauthorised party — for example, fake websites, spoofed emails, or fraudulent customer contact. |
| Disinformation | False or misleading information about the entity has been deliberately created and circulated — for example, fabricated news, false statements attributed to the entity. |
| Rumour | Unverified or speculative information about the entity has spread — without confirmation that it is deliberate disinformation — causing reputational or operational harm. |
| Other | |
| Unknown | The type of service disruption has not yet been determined. |
| Other | The disruption type does not fit any of the above categories. A free-text description should be provided where possible. |