TES Risk and Impact Analysis

Owned by Aric van Kan, created
Last updated: Oct 28, 2024
2 min read

Risks management

Identify and prioritize risks based on their probability and severity. Then define what further actions you need to take to control the risks, and who needs to carry out these actions.

Risk rating

LOW

MEDIUM

HIGH

EXTREME

  • Acceptable

  • Ok to proceed

  • As low as reasonably practicable - provide justification

  • Take mitigation efforts

  • Generally unacceptable

  • Seek support

  • Intolerable

  • Place event on hold

 

 


LIKELIHOOD

SEVERITY

ACCEPTABLE
Little to no effect on event

TOLERABLE
Effects are felt, but not critical to outcome

UNDESIRABLE
Serious impact to the course of action and outcome

INTOLERABLE
Could result in disaster

IMPROBABLE
Risk is unlikely to occur

 

 

 

 

POSSIBLE
Risk will likely occur

 

 

 

 

PROBABLE
Risk will occur

 

 

 

 

Risk

Before Mitigation

Mitigation/Justification

After Mitigation

Risk Type

Likelihood

Severity

Score

Likelihood

Severity

Score After Mitigation

AIMS Platform security is compromised.

Product

Possible

Intolerable

Extreme

Vulnerability Scans of the infrastructure and application have been performed before initial release, with all significant findings remediated before deployment.

Improbable

Intolerable

Low

Sensitive data is breached.

Product

Possible

Intolerable

Extreme

TES does not store sensitive data. This risk and impact analysis will be reviewed for any content updates.

Improbable

Intolerable

Low

TES Content does not properly associate codes with conditions.

Product

Possible

Undesirable

High

Value Sets have been pulled from trusted, field-proven sources. New groupers were curated and validated by RCKMS content team (SMEs).

Improbable

Undesirable

Low

User cannot remember password.

Product

Probable

Acceptable

Medium

SMTP infrastructure will be used that permits automated password reset through email.

User can contact eCR Service Desk, which will work with AIMS production support as needed if keycloak intervention is required.

Improbable

Acceptable

Low

Customers are unsatisfied with TES.

Business

Possible

Tolerable

Medium

User Acceptance testing has been performed by several PHAs and teams building tools to integrate the TES with other applications. Testing was favorable, acceptable for release.

Educational and marketing material surrounding TES indicate that additional data sources may be added and that the tool will evolve over time. User feedback is encouraged to this end.

Improbable

Tolerable

Low

Conclusion

As of 10/28/2024, all identified risks have been mitigated to a score of low. The Terminology Exchange Service is in a state that is acceptable for promotion to production.