Risk register
What can go wrong, how likely, and how bad. Severity = probability × impact. Required artifact in ISO 15288 / IEC 62304 / ISO 14971.
10 risks total. 1 critical + 5 high active.
Probability × Impact heatmap
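| | I1 | I2 | I3 | I4 | I5 |
|---|---|---|---|---|---|
| P5 | | | | | |
| P4 | | 1 | | 1 | |
| P3 | | | 2 | 2 | 2 |
| P2 | | | | | 2 |
| P1 | | | | | |

Rows are probability (P1 to P5), columns are impact (I1 to I5); each cell counts the risks in the register below at that probability and impact.
Severity bands: critical, high, medium, low.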
Risk register (sorted by severity)
| ID | Title | P | I | Severity | Status | Owner |
|---|---|---|---|---|---|---|
| R-001 | Fake / bot profiles erode user trust | 4 | 4 | 16 · critical | analyzed | Trust & Safety Lead |
| R-002 | Match algorithm demographic bias | 3 | 5 | 15 · high | identified | ML Engineer |
| R-005 | Under-18 user bypasses age verification | 3 | 5 | 15 · high | identified | Trust & Safety Lead |
| R-006 | ML training data contains PII | 3 | 4 | 12 · high | analyzed | ML Engineer |
| R-009 | Key-person dependency on single ML engineer | 3 | 4 | 12 · high | identified | Founder / CEO |
| R-003 | Data breach exposing private messages | 2 | 5 | 10 · high | analyzed | Backend Engineer |
| R-004 | Apple App Store rejection on IAP rule | 2 | 5 | 10 · high | mitigated | iOS Developer |
| R-007 | Twilio SMS costs explode during viral growth | 3 | 3 | 9 · medium | accepted | Backend Engineer |
| R-010 | EU DSA non-compliance — algorithmic transparency | 3 | 3 | 9 · medium | identified | Lead GDPR Supervisory Authority (Irish DPC) |
| R-008 | Competitor launches values-matching feature | 4 | 2 | 8 · medium | identified | Product Manager |