First, a couple definitions. Defect Severity: the degree of impact a defect has on system operation. A defect is something observed, so impact can be empirically quantified. Risk Severity: the degree to which a hypothetical event, should it occur, would impact system operation. A risk event is something that has not occurred, so impact must be estimated or extrapolated.
The common element in both Risk Severity Assessment and Defect Severity is Impact on Revenue. The FMEA framework that AKF recommends uses 1 = Low, 3 = Med, and 9 = High, to represent the exponential effect of a high impact risk or defect
Impact on Revenue
No payments being collected and/or payment data security compromised (Critical)Payment collection being delayed by minutes (Major)P…