Risk rating
Summary view
| SEVERITY | |||
|---|---|---|---|---|
ACCEPTABLE | TOLERABLE | UNDESIRABLE | INTOLERABLE | |
IMPROBABLE |
|
| ||
POSSIBLE |
|
| ||
PROBABLE |
|
|
| |
Details
ID | Details |
|---|---|
R01 | Description: Solution does not accurately identify dependencies and therefore imports don’t import all data correctly Mitigation: Use a Proof of Concept towards the start of the work to demonstrate to wider team and community how the features work and ask for feedback, ensure there is enough time in the project for a structured testing approach Likelihood: Possible Severity: Undesirable |
R02 | Description: Project team doesn’t consult widely enough with the Mautic community therefore requirements and/or functions critical to the success of the project are omitted. Mitigation: Communicate about the project widely and regularly to the community via the Community Portal, make all documentation (including this risk log) public and open for feedback Likelihood: Improbable Severity: Undesirable |
R03 | Description: Complexities in creating the feature are not uncovered until too late in the process Mitigation: Put together a foundational proof of concept early in the work to help identify unforeseen technical complexity, and use an iterative approach to building in complexity and solving technical issues. Likelihood: Possible Severity: Intolerable |
R04 | Description: Data may get corrupted during import/export due to format mismatches, incomplete files, or interruptions Mitigation: Use standard file formats for the import and export files (eg JSON), check that files are in these formats on import and where possible implement an undo function to revert any issues with user data. Likelihood: Possible Severity: Undesirable |
R05 | Description: Large import/export operations might slow down the system or cause timeouts Mitigation: As a part of the import feature, analyse the data to be imported and break down any imports that are larger than 1,000 entities into chunks; Use asynchronous processes with progress tracking to avoid blocking the UI. Likelihood: Possible Severity: Undesirable |
R06 | Description: Imports may create duplicate entries, leading to data inconsistencies Mitigation: Notify users of potential duplicates during import. Implement duplicate detection and rename/overwrite logic. Allow users to dedupe any suspected duplicate data. Likelihood: Improbable Severity: Undesirable |
R07 | Description: Sensitive data may be exposed or manipulated during export or through maliciously crafted exports/imports. Mitigation: Don't allow the export of any sensitive data e.g. email addresses and contacts; note all successful actions in the Mautic audit log Likelihood: Improbable Severity: Undesirable |
R08 | Description: Users may attempt to import/export files in unsupported or incorrectly formatted file types. Mitigation: Clearly specify the filetype required in the UI; Check for filetype and format up front on import, encourage users to only user files exported from Mautic, or from Mautic Packagist / trusted sources Likelihood: Improbable Severity: Undesirable |
R09 | Description: Misalignment with Mautic configurations. Import/export may conflict with existing workflows, campaigns, or custom fields. Mitigation: Validate imported data against Mautic's configuration (e.g., required fields, campaign dependencies). Structured testing prior to production release. Likelihood: Probable Severity: Undesirable |
R10 | Description: New hires don’t have good enough understanding of the product to adequate specify and build the requirements Mitigation: solid onboarding process and support from the existing team, ensure work is regularly reviewed including risks and ensure the team keep the work visible to the wider community. Likelihood: Possible Severity: Undesirable |