Risk Assessment: {project_name}
Source:
risks.md
markdown
# Risk Assessment: {project_name}
> **Status:** Draft
> **Author:** Discovery Team — Risk Researcher
> **Date:** {date}
## Executive Risk Summary
<!-- 2-3 sentence overview of the project's risk profile -->
## Technical Feasibility
### Architecture Risks
| Risk | Likelihood | Impact | Mitigation |
|------|-----------|--------|------------|
| | | | |
### Integration Risks
<!-- Third-party dependencies, API stability, vendor lock-in -->
### Scalability Risks
<!-- Performance bottlenecks, data growth, concurrent user limits -->
## Compliance & Regulatory
### Regulatory Requirements
<!-- GDPR, HIPAA, SOC 2, PCI-DSS, industry-specific regulations -->
### Data Privacy Risks
<!-- PII handling, data residency, consent management -->
## Operational Risks
### Deployment & Infrastructure
<!-- Cloud dependency, disaster recovery, monitoring gaps -->
### Team & Resource Risks
<!-- Skill gaps, key-person dependencies, timeline pressure -->
## Security Risks
### Attack Surface
<!-- Authentication, authorization, injection vectors, data exposure -->
### Third-Party Risk
<!-- Supply chain, dependency vulnerabilities, vendor security posture -->
## Risk Matrix
| # | Risk | Likelihood (1-5) | Impact (1-5) | Score | Priority | Mitigation Strategy |
|---|------|-------------------|---------------|-------|----------|---------------------|
| 1 | | | | | | |
| 2 | | | | | | |
| 3 | | | | | | |
## Assumptions Requiring Validation
<!-- List assumptions from the brief that carry risk if wrong -->
1.
2.
3.
## Open Questions
<!-- Unresolved items that affect risk assessment -->
1.
2.