Appearance
Risk Assessment
Status: First version. Effective 2026-05-11. Owner: Taha Abbasi (technical risk) + Asad Khalid (org / financial / regulatory risk). Cadence: annual at minimum; whenever a new risk is identified materially; before any audit attestation. Each version is dated and preserved (do not overwrite).
Scope
Identifies, evaluates, and tracks mitigation of risks to:
- Confidentiality, integrity, and availability of AskFlorence systems and data (HIPAA Security Rule §164.308(a)(1)(ii)(A) — risk analysis)
- The Trust Services Criteria operating environment (SOC 2 CC3.1, CC3.2 — risk identification + analysis)
- CMS EDE Phase 3 program eligibility (MARS-E 2.2 RA-3 — risk assessment)
- Member and agent data (HIPAA Privacy Rule + state breach notification statutes)
Out of scope today: enterprise-wide insurance risk (E&O, cyber liability) — addressed separately by Asad as part of operational readiness.
Methodology
Each risk is scored on two axes:
| Likelihood | Definition |
|---|---|
| High | Plausible within 6 months given current controls |
| Medium | Plausible within 12 months given current controls |
| Low | Plausible only with specific adverse conditions |
| Impact | Definition |
|---|---|
| Critical | Regulatory finding (HIPAA Breach Notification triggered, EDE program suspension), or material loss of trust requiring public disclosure |
| High | Material operational disruption, audit qualification, or single-state regulatory action |
| Medium | Bounded operational disruption, addressable within one audit cycle |
| Low | Workaround exists, no audit-cycle disruption |
Composite risk = Likelihood × Impact. High × Critical and Medium × Critical are the priority items in the table below.
Risk register (2026-05-11)
Append new rows; do not delete superseded ones (annotate with a follow-up row marked "superseded").
| # | Risk | Likelihood | Impact | Composite | Mitigation today | Owner | Follow-up |
|---|---|---|---|---|---|---|---|
| R-001 | Single-cofounder admin on AWS Organizations + Atlas — no break-glass second principal. If Taha is unavailable in an incident, no one else can revoke credentials, rotate keys, or modify infra. | Medium | Critical | High | Documented break-glass procedure (see break-glass-root-login.md). Hardware MFA tracked in #67. | Taha | Provision a second admin SSO principal for Asad once hardware MFA enrolled; tie to access-control policy quarterly review |
| R-002 | MongoDB Atlas BAA signed PDF not on file. Atlas BAA is in-force via M10 HIPAA tier but the auditor evidence artifact does not exist. | Medium | High | High | Atlas org-level BAA is effective at M10 tier; protection is real. Tracking signed-PDF collection in #57. | Asad | Collect signed BAA from Atlas support; confirm in writing both project IDs (prod + staging) enumerated |
| R-003 | PostHog Cloud is on free tier (no HIPAA BAA). Free-tier PostHog could observe PII via client SDK before retirement. | Medium | High | High | Removing per #75. Production capture has been broken on apex since post-Phase-10 cutover (AWS WAF blocks /ingest/*); no data has been collected from apex production traffic since 2026-04-23. | Taha | PostHog SDK removed entirely 2026-05-12 (#75 sub-A, PRs #184/#186). Replacement: OpenPanel + GlitchTip self-hosted on our AWS, under the AWS Org BAA (ADR 0009 / ENG-347). Zero events received during the broken-state window (capture was WAF-403'd apex-side). |
| R-004 | No pen test on record. SOC 2 + EDE both expect at least one external pen test result before the audit window. | High | High | High | Tracked as Phase 11 hardening; pen test vendor RFQ targeted July 2026 alongside SOC 2 vendor signing; first report Q4 2026. | Taha (RFQ) + Asad (budget) | Bishop Fox / Trail of Bits / NetSPI tier; $15-40K one-time budget allocation needed |
| R-005 | Hardware MFA not yet enrolled. SSO MFA is software-TOTP today. Phishing-resistant MFA (FIDO2 / WebAuthn / YubiKey) is the SOC 2 + EDE expectation. | Medium | High | High | TOTP MFA enforced on all SSO accounts today. Hardware MFA tracked in #67. | Taha | Provision YubiKeys for Taha + Asad + Ian; enroll before SOC 2 vendor sign |
| R-006 | Prod app-write Mongo user still exists with whole-DB readWrite. Documented as Phase-12-exit item in ADR 0003 but not yet removed. | Medium | High | High | Narrow-scoped users provisioned on staging; prod migration deferred until AWS cutover verified (done) — now actionable. | Taha | Provision narrow-scoped users on prod project; cut over consumers; revoke app-write |
| R-007 | Florence AI direct-to-Anthropic call surface (not yet shipped). PHI in Florence prompt/response without an Anthropic BAA. | Low (not yet shipped) | Critical | Medium | Florence AI not yet in production. Bedrock-Claude migration planned at EDE Phase 3 (under AWS BAA — no separate Anthropic BAA needed). | Taha | Either (a) collect Anthropic BAA before any prod Florence call, or (b) ship direct on Bedrock from launch. See vendor register. |
| R-008 | Atlas commercial → Atlas-for-Government migration is multi-day. EDE Phase 3 requires FedRAMP Moderate inheritance on the DB tier. | Low (8+ months out) | High | Medium | Architectural posture (PrivateLink, narrow roles, audit log) transfers to Atlas Gov unchanged. Migration window can be planned. | Taha | Schedule migration window at EDE Phase 3 cutover (~Feb 2027); rehearse on staging Atlas Gov sandbox first |
| R-009 | Vendor BAA registry has gaps. Mongo + Anthropic + NIPR + ID-verify vendor pending. | Medium | High | High | Tracked in vendor register. 5 of 11 vendors BAA-signed today. | Asad | Close gaps before SOC 2 vendor sign (target July 2026) |
| R-010 | Privacy policy + terms of service for consumer site not yet published. Required for any PII collection page + by some payment processors. | Medium | High | High | Tracked in #55. Legal-team scope. | Asad | Publish before any member enrollment goes live (target before 2026-06-15 platform v1) |
| R-011 | Unsubscribe flow + consent versioning not built. CAN-SPAM violation risk on every marketing email; GDPR/CCPA consent retention not provable. | Medium | High | High | No external marketing email has been sent. Waitlist + transactional only. Tracked in #58 (consent versioning) and #59 (unsubscribe flow). | Taha | Build unsubscribe flow + consent capture before first marketing email |
| R-012 | HubSpot test-data deletion via gdpr-delete endpoint accidentally blocklisted taha@askflorence.health (2026-05-09). Same pattern could permanently blocklist a real prospect. | Low | Medium | Low | Engineering convention captured: never gdpr-delete a real email; use +alias@ for test data; use archive endpoint for soft-delete. CLAUDE.md documents the rule. | Taha | Add a HubSpot-data-script linter / runbook check |
| R-013 | CMS ingest cost spike happened once on M60 (~$2,800/mo). Bounded by switching to delta-aware refresh. | Low (post-mitigation) | Medium | Low | Cadence redesigned per decisions/2026-05-09-refresh-cadence.md. | Taha | Monitor monthly Atlas + AWS spend against budget alarms |
| R-014 | GET /api/waitlist triggered real SES sends to a hardcoded address when crawled (2026-04-10). Fixed; pattern documented. | Low (post-mitigation) | Medium | Low | Engineering rule: never put side-effect-triggering code in a GET handler unless gated on NODE_ENV !== "production" or auth. CLAUDE.md documents the rule. | Taha | Add CI lint or runtime check for side-effects-in-GET pattern (open) |
| R-015 | Cross-cluster Atlas reader role drift — app_read_staging could be widened via Atlas Admin UI by anyone with org-owner access (today = Taha). | Low | Medium | Low | Nightly drift check (scripts/audit/staging-cluster-drift.ts, 08:00 UTC) opens P1 issue on drift. | Taha | Continue cadence; verify drift-check runs weekly |
| R-016 | Documented operating-control layer (this directory) is new (effective 2026-05-11). Operating history needed to demonstrate cadence works in practice. | High | Medium | Medium | This is the foundation; the operating cadence (quarterly reviews, incident postmortems) starts now. Sticking to the cadence builds the history. | Taha + Asad | Quarterly reviews kick off Q2 2026 (May–July); operating evidence accumulates from there |
Out-of-band risks (tracked separately)
- Insurance coverage (E&O, cyber liability) — Asad-owned, not a HIPAA / SOC 2 / EDE control input
- Cap table / equity compliance — Asad-owned
- Fundraising-process risk — Asad-owned
Mitigations completed since v0 (not in the table — kept for the record)
- Atlas project isolation (ADR 0001) — addressed cross-env IAM leak risk
- Append-only audit log at DB layer (ADR 0002) — addressed tamper risk
- Narrow-scoped Mongo users on staging (ADR 0003) — addressed credential blast-radius risk
- AWS PrivateLink for cross-cluster reads (ADR 0004) — addressed public-network exposure risk
- AWS WAF on apex CloudFront — addressed L7 / managed-rule risk for prod traffic
- IAM OIDC for GitHub Actions — removed long-lived CI access keys
- Secret-validation CI workflow (
.github/workflows/validate-secrets.yml) — addresses the bug class that broke Resend on 2026-04-10 - Resend retirement (v0.33.0) — removed unreliable subprocessor
Review
Reviewed by: Taha Abbasi (technical), Asad Khalid (org). Next mandatory review: 2027-05-11. Trigger an out-of-cycle review if any composite-rated High or Critical risk materializes or is newly identified.
