Number Intelligence Service — Risk Register
Version: 1.0
Status: Draft
Owner: Messaging Core
Last Updated: 2026-04-20
1. Intent
This document tracks the known risks for number-intelligence-service, with the owner, likelihood, impact, and mitigation for each. Risks specific to NI cluster around dependence on MNO cooperation (live HLR, MNP, EIR feeds) and sovereign data-residency obligations.
2. Risks
TBD
| ID | Risk | Likelihood | Impact | Owner | Mitigation |
|---|---|---|---|---|---|
| R-NI-01 | MNO refuses to expose live HLR / SS7 access | Med | High | Partnerships | Negotiate REST adapter as alternative; pre-warm Postgres from MNP files |
| R-NI-02 | Per-MNO TPS contracts insufficient for OTP storms | Med | High | Partnerships + SRE | Increase cache hit ratio; pre-warm batches; renegotiate TPS |
| R-NI-03 | MNP file format drift across MNOs | High | Med | Messaging Core | Adapter per MNO; schema validation with rejection counts |
| R-NI-04 | ATRA changes EIR feed format / cadence | Med | Med | Compliance | Adapter pattern; daily verify cadence |
| R-NI-05 | MSISDN PII leakage via metrics / logs | Low | Critical | Security | Hash MSISDN in all non-Postgres surfaces; security review |
| R-NI-06 | Sovereign residency breach via cross-region replication | Low | Critical | SRE + Security | HSM-wrapped backups; key never leaves kbl HSM |
| R-NI-07 | Hash-chain mutation by privileged operator | Low | Critical | Security | DB role separation; chain verify daily |
| R-NI-08 | Stale routing decisions due to delayed MNP ingest | Med | Med | Messaging Core | Hourly recon retry; on-demand admin endpoint |
| R-NI-09 | Tenant enumeration of national numbering plan via Lookup API | High | Med | Trust & Safety | Per-tenant quotas; AI anomaly scoring; audit |
| R-NI-10 | Live HLR cost spikes under malicious tenant traffic | Med | Med | Finance + SRE | Internal callers do not pay; tenant forceFresh carries premium SKU |
3. Risk Review Cadence
TBD
4. References
- ADR-0004 §5
- SECURITY_MODEL.md