Risk Register

:::info Source Sourced from services/analytics-service/SERVICE_RISK_REGISTER.md in the documentation repo. :::

ID	Risk	Sev	Impact	Mitigation	Owner
R-AN-01	Cross-tenant query leak	S1	Data breach	Auto-injected tenant filter; pre-execution validator; audit log	Analytics + Security
R-AN-02	PII in hot tier	S1	GDPR violation	Hash at firehose; audit tier separate cluster	Analytics + Compliance
R-AN-03	Ad-hoc SQL abuse	S1	DoS / leak	Timeout; parser; tenant filter enforced	Analytics + Security
R-AN-04	AI-generated SQL destructive	S1	Data deletion	Schema-constrained gen; destructive ops blocked	Analytics + AI
R-AN-05	At-risk predictor bias	S1	Discriminatory outcomes	Quarterly eval; HITL; dispute process	Analytics + AI + Compliance
R-AN-06	Ingestion lag	S2	Stale dashboards	Firehose autoscale; alert	Analytics + SRE
R-AN-07	Storage cost runaway	S3	Margin	Retention enforcement; per-tenant caps	Analytics + Finance
R-AN-08	GDPR erasure slow on cold tier	S2	Regulator	30-day SLA; rewrite Parquet in background	Analytics + Compliance
R-AN-09	Schema drift breaks projections	S2	Dashboards broken	Schema registry + CI gate	Analytics
R-AN-10	Export quota abuse	S3	DoS	Per-tenant rate + size limits	Analytics
R-AN-11	Cross-region residency violation	S1	Regulator	Per-region ClickHouse cluster; residency saga	Analytics + Platform
R-AN-12	Platform-admin cross-tenant abuse	S2	Insider threat	Audit + 4-eyes; justification required	Platform + Security
R-AN-13	ClickHouse node failure	S2	Query outage	Replica failover; alert	SRE + Analytics
R-AN-14	AI budget exhaustion	S3	Insights blocked	Per-tenant budget; fallback canned reports	Analytics + AI
R-AN-15	False anomaly flood	S3	Alert fatigue	Tune thresholds; dedup similar alerts	Analytics + AI