# Risk Register Template

Use this template for risk assessment. Save as `_docs/02_document/risk_mitigations.md`.
Subsequent iterations: `risk_mitigations_02.md`, `risk_mitigations_03.md`, etc.

---

```markdown
# Risk Assessment — [Topic] — Iteration [##]

## Risk Scoring Matrix

|  | Low Impact | Medium Impact | High Impact |
|--|------------|---------------|-------------|
| **High Probability** | Medium | High | Critical |
| **Medium Probability** | Low | Medium | High |
| **Low Probability** | Low | Low | Medium |

## Acceptance Criteria by Risk Level

| Level | Action Required |
|-------|----------------|
| Low | Accepted, monitored quarterly |
| Medium | Mitigation plan required before implementation |
| High | Mitigation + contingency plan required, reviewed weekly |
| Critical | Must be resolved before proceeding to next planning step |

## Risk Register

| ID | Risk | Category | Probability | Impact | Score | Mitigation | Owner | Status |
|----|------|----------|-------------|--------|-------|------------|-------|--------|
| R01 | [risk description] | [category] | High/Med/Low | High/Med/Low | Critical/High/Med/Low | [mitigation strategy] | [owner] | Open/Mitigated/Accepted |
| R02 | | | | | | | | |

## Risk Categories

### Technical Risks
- Technology choices may not meet requirements
- Integration complexity underestimated
- Performance targets unachievable
- Security vulnerabilities in design
- Data model cannot support future requirements

### Schedule Risks
- Dependencies delayed
- Scope creep from ambiguous requirements
- Underestimated complexity

### Resource Risks
- Key person dependency
- Team lacks experience with chosen technology
- Infrastructure not available in time

### External Risks
- Third-party API changes or deprecation
- Vendor reliability or pricing changes
- Regulatory or compliance changes
- Data source availability

## Detailed Risk Analysis

### R01: [Risk Title]

**Description**: [Detailed description of the risk]

**Trigger conditions**: [What would cause this risk to materialize]

**Affected components**: [List of components impacted]

**Mitigation strategy**:
1. [Action 1]
2. [Action 2]

**Contingency plan**: [What to do if mitigation fails]

**Residual risk after mitigation**: [Low/Medium/High]

**Documents updated**: [List architecture/component docs that were updated to reflect this mitigation]

---

### R02: [Risk Title]

(repeat structure above)

## Architecture/Component Changes Applied

| Risk ID | Document Modified | Change Description |
|---------|------------------|--------------------|
| R01 | `architecture.md` §3 | [what changed] |
| R01 | `components/02_[name]/description.md` §5 | [what changed] |

## Summary

**Total risks identified**: [N]
**Critical**: [N] | **High**: [N] | **Medium**: [N] | **Low**: [N]
**Risks mitigated this iteration**: [N]
**Risks requiring user decision**: [list]
```