Risk Register
:::info Source
Sourced from services/enrollment-service/SERVICE_RISK_REGISTER.md in the documentation repo.
:::
| ID | Risk | Sev | Impact | Mitigation | Owner |
|---|---|---|---|---|---|
| R-EN-01 | Duplicate enrollment from saga retries | S2 | Double-charge appearance | Unique constraint; idempotent | Enrollment |
| R-EN-02 | Cross-tenant enrollment leak | S1 | Data leak | JWT tid; RLS; iso tests | Enrollment + Security |
| R-EN-03 | Enrollment not revoked on refund | S1 | Content after refund | Marketplace saga coordination; chaos tests | Enrollment + Marketplace |
| R-EN-04 | Expiration scheduler stuck | S2 | Active post-expiry | Cron reliability + alert | Enrollment + SRE |
| R-EN-05 | Seat count drift | S2 | Seat over-allocation | Transactional seat consumption + reconciliation | Enrollment + Marketplace |
| R-EN-06 | Completion event missed (progress DLQ) | S2 | Stuck active after completion | Reconciliation job; retry path | Enrollment + Progress |
| R-EN-07 | Bulk abuse by admin | S3 | Mass enrollment spam | Rate limit; audit; 4-eyes for > 10k | Enrollment |
| R-EN-08 | GDPR erasure incomplete | S1 | Regulator | Saga participation; replay test | Compliance + Enrollment |
| R-EN-09 | Assignment window → enrollment race | S3 | Duplicate enrollments | Idempotent on source.ref | Enrollment + Assignment |
| R-EN-10 | Course version withdrawal mid-enrollment | S3 | Broken playback | Validate at creation; handle gracefully | Enrollment + Catalog |