Risk Register
:::info Source
Sourced from services/progress-service/SERVICE_RISK_REGISTER.md in the documentation repo.
:::
| ID | Risk | Sev | Impact | Mitigation | Owner |
|---|---|---|---|---|---|
| R-PG-01 | Statement loss in transit | S1 | Compliance data loss | Client outbox; idempotent ingest; dedup on statementId; Merkle audit | Progress + Delivery |
| R-PG-02 | Cross-tenant statement injection | S1 | Data leak | JWT tid; actor-tid match; RLS | Progress + Security |
| R-PG-03 | Completion forgery | S1 | Unearned certs | Completion derived server-side from statements; evidence-statement linked | Progress + Certification |
| R-PG-04 | xAPI conformance regression | S2 | Lost certification | ADL conformance in CI; badge maintained | Progress |
| R-PG-05 | Partition detach during query | S2 | Query errors | Detach off-peak; replica serves long queries | Progress + SRE |
| R-PG-06 | Out-of-order replay → wrong outcome | S2 | Misreported passes/fails | Projector idempotent; recomputes on new statement; timestamp authoritative | Progress |
| R-PG-07 | GDPR erasure incomplete | S1 | Regulator fine | Mandatory saga; replay test; compliance review | Compliance + Progress |
| R-PG-08 | Storage cost runaway (regulated 7y retention) | S3 | Margin | Parquet cold archive; per-tenant retention config | Progress + Finance |
| R-PG-09 | Signed-statement signature bypass | S2 | Forgery | Signature required for 3rd-party LRS; JWS verified | Progress + Security |
| R-PG-10 | xAPI query injection via filters | S2 | DB exposure | Typed filter parser; no string SQL; ORM only | Progress + Security |
| R-PG-11 | Duplicate completion event emitted | S3 | Downstream (cert) double-issue | Idempotent consumer; completion PK (tenant, attempt) | Progress + Certification |
| R-PG-12 | Clock skew → timestamp anomalies | S3 | Misordered transcripts | stored server-time; alert on timestamp > stored + 5 min | Progress + SRE |
| R-PG-13 | Attempt number race on concurrent retakes | S3 | Wrong numbering | DB sequence per enrollment; unique constraint | Progress |
| R-PG-14 | Large transcript (100k statements) slow | S3 | Admin UX | Paginated transcript; PDF generator streams | Progress |
| R-PG-15 | PHI in statements leaked to analytics | S1 | HIPAA violation | Pre-firehose redaction; per-tenant policy | Progress + Analytics + Compliance |

Governance
- Weekly: Progress Eng + Compliance review.
- Completion idempotency + GDPR replay tests on every release.