Risk log
- David Jarvis aka DJ
Risk rating
Summary view
| SEVERITY | |||
|---|---|---|---|---|
ACCEPTABLE | TOLERABLE | UNDESIRABLE | INTOLERABLE | |
IMPROBABLE |
|
| ||
POSSIBLE |
| |||
PROBABLE |
|
|
| |
Details
ID | Details |
|---|---|
Description: Solution does not accurately identify dependencies and therefore imports don’t import all data correctly Mitigation: Use a Proof of Concept towards the start of the work to demonstrate to wider team and community how the features work and ask for feedback, ensure there is enough time in the project for a structured testing approach Likelihood: Possible Severity: Undesirable | |
Description: Project team doesn’t consult widely enough with the Mautic community therefore requirements and/or functions critical to the success of the project are omitted. Mitigation: Communicate about the project widely and regularly to the community via the Community Portal, make all documentation (including this risk log) public and open for feedback Likelihood: Improbable Severity: Undesirable | |
Description: Complexities in creating the feature are not uncovered until too late in the process Mitigation: Put together a foundational proof of concept early in the work to help identify unforeseen technical complexity, and use an iterative approach to building in complexity and solving technical issues. Likelihood: Possible Severity: Intolerable | |
Description: Data may get corrupted during import/export due to format mismatches, incomplete files, or interruptions Mitigation: Use standard file formats for the import and export files (eg JSON), check that files are in these formats on import and where possible implement an undo function to revert any issues with user data. Likelihood: Possible Severity: Undesirable | |
Description: Large import/export operations might slow down the system or cause timeouts Mitigation: As a part of the import feature, analyse the data to be imported and break down any imports that are larger than 1,000 entities into chunks; Use asynchronous processes with progress tracking to avoid blocking the UI. Likelihood: Possible Severity: Undesirable | |
Description: Imports may create duplicate entries, leading to data inconsistencies Mitigation: Notify users of potential duplicates during import. Implement duplicate detection and rename/overwrite logic. Allow users to dedupe any suspected duplicate data. Likelihood: Improbable Severity: Undesirable Note: We had planned an additional ticket to add unique IDs to entities. This has been carried out externally to the project. While this should be overall beneficial it has also raised another risk (see below) | |
Description: Sensitive data may be exposed or manipulated during export or through maliciously crafted exports/imports. Mitigation: Don't allow the export of any sensitive data e.g. email addresses and contacts; note all successful actions in the Mautic audit log Likelihood: Improbable Severity: Undesirable | |
Description: Users may attempt to import/export files in unsupported or incorrectly formatted file types. Mitigation: Clearly specify the filetype required in the UI; Check for filetype and format up front on import, encourage users to only user files exported from Mautic, or from Mautic Packagist / trusted sources Likelihood: Improbable Severity: Undesirable | |
Description: Misalignment with Mautic configurations. Import/export may conflict with existing workflows, campaigns, or custom fields. Mitigation: Validate imported data against Mautic's configuration (e.g., required fields, campaign dependencies). Structured testing prior to production release. Likelihood: Probable Severity: Undesirable | |
Description: New hires don’t have good enough understanding of the product to adequate specify and build the requirements Mitigation: solid onboarding process and support from the existing team, ensure work is regularly reviewed including risks and ensure the team keep the work visible to the wider community. Likelihood: Possible Severity: Undesirable | |
Description: The ability to move campaign data from one instance to another may cause users not to understand how their campaign works, causing an increase in support issues and effort to resolve them. Mitigation: For Phase 2 of the delivery, consider including a ‘readme’ file within the campiagn files that allows Mautic to describe the functions of each campaign exported. Likelihood: Possible Severity: Undesirable | |
Description: Unplanned development elsewhere on the project creates new integration work or an unforeseen dependency on work we need to do on the campaign library development. Mitigation: This is hard to completely stop as development can come from any number of sources due to the open source nature of the work. We should be careful to ensure that any technical risks or additional work is known and deliverable within our constraints before we create any links between ‘exernal work’ like this. Likelihood: Possible Severity: Tolerable |