mirror of
https://github.com/bmadcode/BMAD-METHOD.git
synced 2025-12-29 16:14:59 +00:00
15 lines
991 B
Markdown
15 lines
991 B
Markdown
|
# Risk Governance and Gatekeeping
|
|||
|
|
|
|||
|
|
- Score risk as probability (1–3) × impact (1–3); totals ≥6 demand mitigation before approval, 9 mandates a gate failure.
|
|||
|
|
- Classify risks across TECH, SEC, PERF, DATA, BUS, OPS. Document owners, mitigation plans, and deadlines for any score above 4.
|
|||
|
|
- Trace every acceptance criterion to implemented tests; missing coverage must be resolved or explicitly waived before release.
|
|||
|
|
- Gate decisions:
|
|||
|
|
- **PASS** – no critical issues remain and evidence is current.
|
|||
|
|
- **CONCERNS** – residual risk exists but has owners, actions, and timelines.
|
|||
|
|
- **FAIL** – critical issues unresolved or evidence missing.
|
|||
|
|
- **WAIVED** – risk accepted with documented approver, rationale, and expiry.
|
|||
|
|
- Maintain a gate history log capturing updates so auditors can follow the decision trail.
|
|||
|
|
- Use the probability/impact scale fragment for shared definitions when scoring teams run the matrix.
|
|||
|
|
|
|||
|
|
_Source: Murat risk governance notes, gate schema guidance._
|