Radiology Service — Service Risk Register
Status: populated | Owner: TBD | Last updated: 2026-04-18 | Companion: Service Template · 03 platform-services · 02 DDD
1. Risk Register
| ID | Risk | Likelihood | Impact | Owner | Mitigation | Status |
|---|---|---|---|---|---|---|
| RISK-RAD-001 | PACS vendor API changes break DICOMweb integration | Medium | High | Integration team | DICOMweb standards compliance testing; adapter pattern isolates vendor specifics | Open |
| RISK-RAD-002 | Wrong-patient imaging study displayed (PACS UID mismatch) | Very Low | Critical | Clinical informatics | Patient ID cross-check on QIDO-RS; admin-only UID mapping override with audit | Open |
| RISK-RAD-003 | Viewer launch token interception | Very Low | High | Security | Short TTL (60 min); HTTPS only; token bound to user ID | Open |
| RISK-RAD-004 | Critical finding event not delivered (NATS down) | Low | Critical | SRE | Outbox pattern; retry; escalation via alternative channel if lag > 15 min | Open |
| RISK-RAD-005 | PACS connectivity lost during high-volume imaging period | Medium | High | SRE | Cached metadata shown; viewer launch blocked gracefully; PACS recovery runbook | Open |
| RISK-RAD-006 | UAE authority-specific imaging reporting requirements unknown | Medium | Medium | Clinical informatics | Tracked as REQ-RAD-UAE-001; no implementation until MoH rule-set confirmed | Open |
| RISK-RAD-007 | Multi-tenant data leakage via RLS misconfiguration | Very Low | Critical | Security | Mandatory tenant-isolation.spec.ts; CI gate | Open |