Risk Register
:::info Source
Sourced from services/notification-service/SERVICE_RISK_REGISTER.md in the documentation repo.
:::
| ID | Risk | Sev | Impact | Mitigation | Owner |
|---|---|---|---|---|---|
| R-NT-01 | Phishing via compromised template | S1 | Learner harm + brand damage | Template review; AI moderation; domain controls | Notification + Security |
| R-NT-02 | SMS toll fraud | S1 | Financial loss | Country allowlist; per-tenant caps; monitoring | Notification + Security + Finance |
| R-NT-03 | High bounce rate → provider deprioritization | S2 | Deliverability degrade | Suppression lists; bounce monitoring; list hygiene | Notification |
| R-NT-04 | GDPR — user unsubscribe | S2 | Regulator | Unsubscribe in every email (required by law); suppression list | Compliance + Notification |
| R-NT-05 | Over-notification fatigue | S3 | Churn | Preferences + digests; frequency caps | Notification + Product |
| R-NT-06 | Provider outage | S2 | Missed sends | Multi-provider + failover | Notification + SRE |
| R-NT-07 | AI copy offensive / off-brand | S3 | Trust | HITL review; safety check | Notification + AI |
| R-NT-08 | Cross-tenant template leak | S2 | Branding confusion | Tenant-scoped templates; iso | Notification |
| R-NT-09 | Push token stale → silent send failure | S3 | Missed notifications | Auto-cleanup; re-register on app launch | Notification |
| R-NT-10 | Webhook spoofing | S2 | Fake deliveries/bounces | HMAC signature validation | Notification + Security |
| R-NT-11 | PHI in email to healthcare tenant | S1 | HIPAA | Encrypted channels; no PHI in subject line | Notification + Compliance |
| R-NT-12 | Digest batching latency | S3 | Users see stale digest | Batch size tuned; alert if behind schedule | Notification + SRE |