A Proposal for an Organization and Group Schema

This describes Organizations (legal entities that have been formed for business or social purposes) and Groups (groups of people formed together for a specific purpose), which are used throughout GRC and SecOps software. Therefore, elementId, @id, coreMetaData, and context will always be present in Things.

The only differences in the schema between an Organization and a Group are that Organizations have Legal Names whereas Groups have Official Names, and that Groups don't have Organizational Categories.

| Property | Expected Type | Description |
|---|---|---|
| email | Email | Primary Electronic Mail address. |
| parentId | String | ID of the associated parent for this record. |
| description | String | This describes a Thing or Property. |
| legalName | String | Legally registered name of Organization. |
| primaryDomain | URL | The legally registered primary Internet domain name of the organization. |
| elementId | String | A unique and persistent identifier for the record within the system's data set. |
| url | String | The Uniform Resource Locator of an internet address. |
| names | Array | A collection of names. |
| @id | URL | The full unique link to the item so it's traversable by that property. |
| topLevelDomains | Array | A collection of Top-Level Domains (TLDs). |
| emailAddresses | Array | A collection of Email objects. |
| socialAddresses | Array | The various Internet locations that help disambiguate a person or organization, such as their Facebook, LinkedIn, YouTube and Twitter Address. |
| phoneNumbers | Array | A collection of PhoneNumber. Which foreign key is used will be determined by the object the phone number is in. |
| organizationalCharacter | Object | The Organizational Character of an Organization, Group, or Initiative. |
| affiliations | Array | A collection of Affiliation. |
| organizationalCategories | Object | An array of Organizational Category. |
| context | Context | The JSON-LD context for the item in question. |
| postalAddresses | Array | An array of the object Postal Address. |

Common Elements

Organization and Group both have multiple common elements, such as description, URL, postalAddresses, socialAddresses, and phoneNumbers. These have all been approved for quite some time and can be found online at their respective URLs.

Parent ID

Many organizations have parents and are either wholly owned, partially owned, or even DBAs of other organizations. In other words, there's a hierarchy here. Groups have much of the same structure, with ISO committees having subcommittees as a popular reference. The parentId is the ID of the direct parent of the organization or group in question.
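
The rules stated so far (the always-present Thing fields, Legal Name versus Official Name, no Organizational Categories on Groups, and the parentId hierarchy) can be checked mechanically before records are trusted for roll-up reporting. The following is an added example, not part of the proposal itself; the `type` discriminator, the `officialName` property name, and all sample records are assumptions made for illustration.

```python
# Assumptions (not from the page): the "type" discriminator and the
# "officialName" property name for a Group's Official Name.
ALWAYS_PRESENT = ("elementId", "@id", "coreMetaData", "context")


def validate_record(rec):
    """Return a list of rule violations for one Organization or Group."""
    errors = [f"missing {key}" for key in ALWAYS_PRESENT if key not in rec]
    kind = rec.get("type")
    if kind == "Organization":
        if not rec.get("legalName"):
            errors.append("Organization requires legalName")
    elif kind == "Group":
        if not rec.get("officialName"):
            errors.append("Group requires officialName")
        if "organizationalCategories" in rec:
            errors.append("Group must not carry organizationalCategories")
    else:
        errors.append(f"unknown type {kind!r}")
    return errors


def ancestry(records, element_id):
    """Follow parentId links to the root; reject dangling IDs and cycles."""
    by_id = {r["elementId"]: r for r in records}
    chain, seen = [], set()
    current = element_id
    while current is not None:
        if current in seen:
            raise ValueError(f"parentId cycle at {current}")
        if current not in by_id:
            raise ValueError(f"dangling parentId {current}")
        seen.add(current)
        chain.append(current)
        current = by_id[current].get("parentId")
    return chain


def make_record(eid, kind, name_key, name, parent=None):
    # Constructed sample data; IDs, names and URLs are illustrative only.
    return {"elementId": eid, "@id": f"https://example.invalid/{eid}",
            "coreMetaData": {}, "context": {}, "type": kind,
            name_key: name, "parentId": parent}


SAMPLE = [
    make_record("org-1", "Organization", "legalName", "Example Holdings Inc."),
    make_record("org-2", "Organization", "legalName", "Example Labs LLC", "org-1"),
    make_record("grp-1", "Group", "officialName", "Example Subcommittee", "org-2"),
]
```
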

Names

Names are broken down into Legal Name (for organizations) and Official Name (for groups), as well as a listing of all other names the organization or group has been found to be known by.

Primary Domain and Top Level Domains

When you use a couple of the organizational disambiguation APIs, you’ll get a domain list for the organization as well as the organization’s primary domain. This provides a great clue to disambiguate organizations – especially if the standard is only tracking a name.

Organizational Character

The Organizational Character Index (OCI) is a self-scoring assessment tool developed by William Bridges, Ph.D. that helps organizations clarify their preferences. The OCI is based on the Myers-Briggs Personality Type Indicator. How that relates to GRC and SecOps is covered in the GRC Playbook online.

Affiliations

Affiliations is a simple list of GRC and SecOps industry organizations (CSA, ISACA, ISC2, ISSA, etc.) that an organization or group might belong to.

Organizational Category

Groups do not have Organizational Categories. Organizational Categories are a great way to disambiguate organizations (other than their domain information). Organizational Category is a Thing as it can change over time, and those changes need to be tracked. Each response is also tracked to a Disambiguation Record so that the source of the Category can be represented.

| Property | Expected Type | Description |
|---|---|---|
| clearbitIndustry | String | This is the industry an Organization belongs to according to Clearbit. |
| sic2DigitCode | String | This is the two digit Standard Industrial Classification code assigned to an Organization. |
| naics6DigitCode | String | A North American Industry Classification System (NAICS) code is a six-digit code that classifies businesses by their economic activity into a specific sector. |
| clearbitSector | String | A distinct area of business as reported by Clearbit. |
| clearbitSubIndustry | String | A subset of Organization industries as reported by Clearbit. |
| unspscCode | String | The United Nations Standard Products and Services code of an Organization. |
| elementId | String | A unique and persistent identifier for the record within the system's data set. |
| @id | URL | The full unique link to the item so it's traversable by that property. |
| tags | Array | A collection of keywords that describes an item. |
| coreMetaData | Object | The object representation of the Thing CoreMetaData. |
| disambiguationRecordId | Object | Represents a record of an object from an AuthoritySource. |
| context | Context | The JSON-LD context for the item in question. |
| sic4DigitCode | String | This is the four digit Standard Industrial Classification code assigned to an Organization. |
| naics20226DigitCode | String | A North American Industry Classification System (NAICS) code is a six-digit code that classifies businesses by their economic activity into a specific sector as updated in 2022. |
| linkedinIndustryCodeV2 | String | LinkedIn's Industry Codes v2 is a list of industry codes for company and people searches. |