Communication Service — Service Risk Register

Status: populated Owner: TBD Last updated: 2026-04-17 Companion: Service Template

1. Risks

ID	Risk	Likelihood	Impact	Owner	Mitigation
R-COMMS-01	PHI leak in push / SMS / email payload	Medium	Critical	Security	Template-only payloads, pre-send assertions, periodic log scanner
R-COMMS-02	Ghasi-SMS-Gateway outage during critical escalation	Medium	High	Ops	Secondary SMS provider per tenant; fallback to push + in-app
R-COMMS-03	Virtual session adapter (Jitsi) TURN failure	Medium	High	Ops	Multi-region Jitsi pool; automatic fallback thread
R-COMMS-04	Attachment malware bypass	Low	Critical	Security	AV scan gate + sandboxed preview
R-COMMS-05	Retention policy drift	Medium	Medium	Compliance	Per-tenant retention config with audit; nightly verification job
R-COMMS-06	Cross-tenant thread participant	Low	Critical	Security	RLS + application validation + integration test
R-COMMS-07	DLR replay / spoof	Medium	Medium	Security	HMAC + IP allowlist + timestamp window + idempotency on provider message id
R-COMMS-08	Fallback-thread loop	Low	Medium	Ops	Per-patient/day circuit breaker; alert
R-COMMS-09	Legal hold leak through erasure	Low	High	Compliance	Legal-hold flag overrides erasure; test suite
R-COMMS-10	Template injection in localization	Low	Medium	Security	Strict allowlist variables, no free-form output
R-COMMS-11	Join-token reuse / theft	Low	High	Security	Short TTL, one-time use, device binding, audit
R-COMMS-12	Notification fatigue (patient)	High	Medium	Product	Per-category frequency caps + user preferences
R-COMMS-13	Multi-tenant cost spike from batch notifications	Medium	Medium	Ops	Per-tenant rate limits + spend alerts
R-COMMS-14	Virtual-session recording accidentally public	Low	Critical	Security	Tenant-scoped storage + short-lived presigned URLs; audit on access

2. Review cadence

Quarterly risk review; new risks added via PR to this file with owner assigned.