Risk Register
Impact Assessment: Translate technical anomalies and compliance gaps into business risk and potential exposure. AI Actions:
| RISK-CM-01 | Unauthorized Production Changes | 5 | 4 | 20 | mitigated | Constant | 2 |
| RISK-CM-02 | Malicious Code Injection | 5 | 2 | 10 | mitigated | Constant | 2 |
| RISK-CM-03 | Lack of Backout Plan | 4 | 3 | 12 | assessed | Constant | 1 |
| RISK-PRIV-01 | Failure to Honor Deletion Requests | 5 | 3 | 15 | mitigated | Constant | 1 |
| RISK-PRIV-02 | Data Leakage in Lower Envs | 4 | 4 | 16 | identified | Constant | 0 |
| RISK-ACC-01 | Terminated Employee Access | 4 | 3 | 12 | mitigated | Constant | 1 |
| RISK-ACC-02 | Excessive Privileges | 3 | 5 | 15 | mitigated | Constant | 1 |
| RISK-ACC-03 | Shared Account Abuse | 3 | 4 | 12 | accepted | Constant | 0 |
| RISK-PHYS-01 | unauthorized Physical Entry | 5 | 2 | 10 | mitigated | Constant | 1 |
| RISK-PHYS-02 | Environmental Damage | 5 | 1 | 5 | mitigated | Constant | 1 |
| RISK-VEND-01 | Supply Chain Compromise | 5 | 3 | 15 | mitigated | Constant | 1 |
| RISK-VEND-02 | Vendor Insolvency | 4 | 2 | 8 | assessed | Constant | 1 |
| RISK-AST-01 | Shadow IT | 3 | 5 | 15 | identified | Constant | 0 |
| RISK-INC-01 | Undetected Data Breach | 5 | 3 | 15 | mitigated | Constant | 1 |