Skip to content

Risk Register

Initial company-level risk register. This is a living record; risks should be added, updated, and closed over time rather than treated as a one-time exercise.

Register

ID Risk Category Likelihood Impact Mitigation Owner
RK-001 Premature commercialization claims (marketing/product copy asserting capabilities, availability, or results not yet true) are published. Reputational / Legal Medium High Commercial claims require verified implemented capability and human approval; see docs/ai/context-loading-order.md (commercialization work) and docs/ai/prohibited-behaviors.md. Founder
RK-002 Fabricated or unsupported research (market size, demand, competitor data, customer quotes) is treated as fact. Reputational / Decision quality Medium High Evidence and citation requirements mandate fact/evidence/hypothesis/assumption/inference/recommendation classification; prohibited fabrications explicitly listed. See docs/ai/evidence-and-citation-requirements.md. Founder
RK-003 Venture brand confusion — e.g. conflation of a venture with an unrelated similarly-named entity ("DDLabs" or similar), or blurring of Devonshire Digital, Shelfery, and Digital Products identities. Brand / Legal Low-Medium Medium Brand architecture and terminology documents (docs/company/) define naming boundaries; commercialization material reviewed against docs/company/brand-architecture.md before publication. Founder
RK-004 Scope creep into a monorepo structure without an explicit decision. Architecture Medium Medium Repository boundaries documented as an intentional open decision (see repository-boundaries.md); any monorepo consolidation requires an ADR, not incremental drift. Repository Maintainer
RK-005 Security of any future customer data collected by a venture product. Security / Privacy Low (no customer data yet) High (if realized) Information classification policy defines Restricted data handling; no customer data is to be stored in this repository; venture products handling customer data require Security and Privacy Reviewer sign-off before launch. Security and Privacy Reviewer
RK-006 AI-generated calculation errors in financial products (e.g. Digital Products workbooks) go undetected. Product quality / Financial Medium High Calculation specifications, test plans, and financial guardrails required before financial calculation features ship; see docs/ai/context-loading-order.md (Digital Products work). Product Owner (Digital Products)
RK-007 Food-safety guidance liability — Shelfery providing food-storage or shelf-life guidance that is inaccurate or unsupported. Legal / Safety Medium High Food-safety claims classified as high-risk requiring human/domain-reviewer approval; no unsupported food-safety claims permitted. See docs/ai/prohibited-behaviors.md and docs/company/responsible-ai-principles.md. Domain Reviewer (Shelfery)

Fields

  • Likelihood / Impact — qualitative (Low / Medium / High) at this stage; no formal scoring model is in place yet.
  • Mitigation — current or planned control. Should link to the governing document(s).
  • Owner — role accountable for monitoring and mitigating the risk, per decision-rights.md.

Maintenance

Review this register at least quarterly (see review_cycle) and whenever a new venture, product, or customer-facing capability is introduced. Close or downgrade risks with evidence, not assumption — link to the relevant record (ADR, test result, review sign-off).


Report an issue about this page