Open Risks
Purpose
This page lists unresolved risks that prevent the documentation from being treated as final approved technical documentation.
The risk register should be reviewed before every internal approval round.
Risk Severity
| Severity | Meaning |
|---|---|
| High | May affect security, financial integrity, tenant isolation, or recovery readiness |
| Medium | May affect operational reliability, developer onboarding, or audit readiness |
| Low | Documentation quality or follow-up improvement |
Current Open Risk Register
| ID | Risk | Severity | Owner | Status | Mitigation |
|---|---|---|---|---|---|
| RISK-RBAC-001 | RBAC matrix may not fully match actual backend permissions | High | CTO / Backend | Open | Review permission config and attach evidence in Evidence Log |
| RISK-TENANT-001 | Tenant isolation evidence is not attached | High | Backend | Open | Add school, supplier, and operator negative access evidence |
| RISK-CRED-001 | Credential lifecycle wording can be confused between cancellation and activation/deactivation | High | Product / Backend | Open | Keep SRS Alignment Notes and update RBAC wording |
| RISK-PAY-001 | Payment idempotency is not fully confirmed in documentation | High | Backend / Finance | Open | Verify duplicate callbacks, retries, and queue jobs |
| RISK-RESTORE-001 | Restore test evidence is missing | High | CTO / Operations | Open | Add last restore test date, environment, and validation result |
| RISK-RPO-001 | RPO wording is not formally approved | High | CTO | Open | Replace "zero data loss target" with approved measurable wording |
| RISK-API-001 | OpenAPI / Swagger final approval is pending | Medium | Backend | Open | Draft /openapi.yaml exists; validate with runtime route list and decide whether to host Swagger UI |
| RISK-INT-001 | Integration provider names and ownership are still TBD | Medium | CTO / Operations | Open | Confirm providers or mark as intentionally undisclosed |
| RISK-REL-001 | Release approval and rollback ownership require final confirmation | Medium | CTO / Product | Open | Update Release Management with actual approvers |
| RISK-SEC-001 | Security controls are documented but not backed by evidence | Medium | CTO / Security | Open | Add sanitized control evidence |
Closure Criteria
A risk can be closed only when:
- The owner confirms the final decision.
- Evidence is added or the limitation is explicitly accepted.
- The affected documentation page is updated.
- The Documentation Review Checklist is updated.
Rules
- Do not close risks based on assumption.
- Do not downgrade financial, tenant isolation, or credential risks without technical confirmation.
- Use
Accepted Riskonly when the responsible owner explicitly accepts it.