Risk Assessment Framework

Likelihood scale: High (over 50% probability within 12 months), Medium (10–50%), Low (under 10%)

Impact scale: Critical (service-ending or compliance-failing event), High (significant user impact or revenue loss), Medium (degraded experience or limited outage), Low (minor operational inconvenience)

Status: Open (not fully mitigated), Mitigated (controls in place), Accepted (known risk, no mitigation planned)

Risk Register

| # | Risk | Category | Likelihood | Impact | Mitigation | Status |
|---|---|---|---|---|---|---|
| R-001 | Nigeria-resident content inadvertently stored in global bucket | Compliance | Medium | Critical | IAM bucket policy as authoritative enforcement (ADR-003); quarterly IAM grant audit | Mitigated |
| R-002 | CDN signed URL leak enabling unauthorised playback | Security | Medium | High | DRM license bound to user session (not URL alone); session-bound visual watermark for forensic identification | Mitigated |
| R-003 | Widevine L3 / PlayReady SL2000 screen capture on desktop | Security | High | Medium | Visual watermarking forensic ID; Widevine L1 enforcement on Android; premium content L1-required policy | Accepted |
| R-004 | Payment processor (Paystack or Stripe) outage during billing cycle | Operational | Medium | High | Temporal retry with exponential backoff (max 3 attempts, 1 h apart); deferred batch payout on outage recovery; dead-letter queue for failed charges | Mitigated |
| R-005 | ML recommendation model surfaces biased results by demographic | Compliance / Reputational | Medium | High | Monthly bias audit required before model promotion; A/B significance gate; ML pipeline promotion policy | Mitigated |
| R-006 | Long-tail content restore latency (Glacier) exceeds viewer expectation | UX | High | Medium | HTTP 202 + Retry-After UX pattern on archived content; tiering thresholds set conservatively (90 days, < 10 views) to archive only truly inactive content | Mitigated |
| R-007 | Multi-DRM provider (Axinom/EZDRM) outage blocks all premium playback | Operational | Low | Critical | Provider SLA monitoring; Playback Service circuit breaker with 503 + Retry-After; evaluate dual-provider failover for v2.0 | Open |
| R-008 | NGN/USD FX rate extreme volatility causing creator payout disputes | Financial | Medium | High | FX rate locked at payout period start; creator payout policy disclosed prominently in Creator Dashboard | Mitigated |
| R-009 | Kafka partition rebalance causing consumer lag spike during peak traffic | Operational | Medium | Medium | Over-provision partitions (future capacity headroom); separate consumer groups per service; Kafka lag alerting thresholds set below SLA impact threshold | Mitigated |
| R-010 | Redis Cluster failure affecting real-time counters and session state | Operational | Low | High | 3-replica Redis Cluster with automatic failover; jedis/lettuce failover client config; write-through to Postgres for durable engagement data within 1 s | Mitigated |

Open Risks

The following risks are currently rated Open — mitigations are insufficient or not yet implemented:
R-007 — Multi-DRM provider single point of failure is the highest-priority open risk. A single multi-DRM provider handles license issuance for all DRM ecosystems (Widevine, FairPlay, PlayReady). Provider unavailability blocks all premium content playback regardless of DRM system. Dual-provider failover is targeted for v2.0. In the meantime, provider SLA is the primary control (monitored via uptime alerting).

Risk Review Schedule

| Review type | Frequency | Owner |
|---|---|---|
| Full risk register review | Quarterly | Platform Architect + Security Lead |
| IAM grant audit (R-001) | Quarterly | Security Lead |
| Bias audit (R-005) | Before each model promotion | ML Platform Team |
| Incident-triggered update | After any Severity 1 incident | On-call Incident Commander |
