- Purpose
- One shared definition for every term referenced across the knowledge base.
- Used by
- Administrators, reviewers, reporters, partners.
Workspace & identity
| Term | Definition |
| Workspace | The organization-scoped boundary for members, roles, incidents, partners, sites, and settings. Every Castlewatch user operates inside exactly one workspace at a time. |
| Organization profile | The public-facing name, region, billing state, and plan context that partners and team members see. |
| Region | A label like a metro area, county, or regional network used to make the workspace recognizable to partners. |
| Mapped site | A saved location with coordinates (campus, event site, building) that reports and the dashboard map reference. |
| Member | A user account associated with the workspace and assigned exactly one role. |
Reporting
| Term | Definition |
| Incident | A durable record of one operationally meaningful event, with structured metadata, narrative, comments, sightings, and attachments. |
| Severity | The reporter or reviewer's assessment of potential impact: low, medium, high, or critical. |
| Operational status | What is still happening or needed: open, monitoring, resolved. Independent of severity. |
| Tags | Searchable labels reporters and reviewers apply to surface patterns (e.g., vehicle, repeat-pattern, threat-statement). |
| Sighting | A follow-up observation logged on the incident timeline after the original report (patrol confirmation, witness update, recurrence). |
| Attachment | A supporting file (photo, document, exported evidence) tied to an incident record. |
Moderation
| Term | Definition |
| Submitted | The report entered the workflow but no reviewer has claimed it. |
| Under review | A reviewer has claimed the report and is evaluating it. |
| Changes requested | The report needs clarification or correction before it can be verified. |
| Verified | The report is accepted for its selected visibility scope and becomes part of the durable record. |
| Rejected | The report will not proceed as an operational incident record (duplicate, out of scope, unsupported). |
| Return to review | Action that moves a previously closed report back into the review queue for additional redaction or clarification. |
Visibility & trust
| Term | Definition |
| Visibility | The audience scope for a verified incident: origin only, selected partners, trust group, or region. |
| Trusted partner | An organization with an explicit, stateful relationship to your workspace. |
| Connection state | Requested, connected, declined, or revoked — the lifecycle stage of a partner relationship. |
| Trust group | A named coalition of connected partners used as a shorthand for repeated visibility decisions. |
| Template MOU / NDA | Standard documents with tracked signature status and signer metadata, acknowledging the relationship. |
| Sharing defaults | Organization-level setting that influences the initial visibility choice on new reports. |
Access & alerts
| Term | Definition |
| Role | Org admin, reviewer, reporter, or viewer — determines which actions appear and which workflows are available. |
| Policy threshold | Minimum role required for sensitive actions like managing members, partner requests, or notification defaults. |
| Billing gate | A workflow that requires an active subscription before live use. |
| Organization notification defaults | Baseline alert routing for the organization, layered under each user's personal preferences. |
| Personal alert preferences | Per-user controls for event type, channel, severity threshold, quiet hours, and SMS destination. |
| MFA | Multi-factor authentication using an authenticator app; recommended for administrators and reviewers. |
| Quiet hours | A time window during which non-urgent notifications are suppressed for a user. |