...
Risk | Before Mitigation | Mitigation/Justification | After Mitigation | |||||
|---|---|---|---|---|---|---|---|---|
Risk Type | Likelihood | Severity | Score | Likelihood | Severity | Score After Mitigation | ||
AIMS Platform security is compromised. | Product | Possible | Intolerable | Extreme | NIST and DAST Vulnerability Scans of the infrastructure and application have been performed before initial release, with all significant findings remediated before deployment. | Improbable | Intolerable | Low |
Sensitive data is breached. | Product | Possible | Intolerable | Extreme | TES does not store sensitive data not store sensitive data. This risk and impact analysis will be reviewed for any content updates. | Improbable | Intolerable | Low |
TES Content does not properly associate codes with conditions. | Product | Possible | Undesirable | High | Value Sets have been pulled from trusted, field-proven sources. New groupers were curated and validated by RCKMS content team (expertsSMEs). | Improbable | Undesirable | Low |
User cannot remember password. | Product | Probable | Acceptable | Medium | SMTP infrastructure will be used that permits automated password reset through email. User can contact eCR Service Desk, which will work with AIMS production support as needed if keycloak intervention is required. | Improbable | Acceptable | Low |
Customers are unsatisfied with TES. | Business | Possible | Tolerable | Medium | User Acceptance testing has been performed by several PHAs and teams building tools to integrate the TES with other applications. Testing was favorable, acceptable for release. Educational and marketing material surrounding TES indicate that additional data sources may be added and that the tool will evolve over time. User feedback is encouraged to this end. | Improbable | Tolerable | Low |
✅ Action items
Conclusion
As of 10/28/2024, all identified risks have been mitigated to a score of low. The Terminology Exchange Service is in a state that is acceptable for promotion to production.