Risks, Assumptions, Issues, Decisions, Dependencies — same discipline as the PM and Agile suites, with a federal-specific twist: several of the highest-severity risks here trace directly back to the ATO gate, since nothing goes live without it.
| ID | Type | Description | Owner | Impact if Unresolved |
|---|---|---|---|---|
| R-01 | Risk | ATO assessment surfaces a security finding that delays Milestone Gate 1 beyond Month 7 | T. Abernathy (ISSO) | Slips production go-live; may require a schedule-only contract mod |
| R-02 | Risk | Legacy applicant data has inconsistent formatting that complicates the migration validation | K. Lindqvist | Extends CDRL A009 timeline; possible data-quality rework |
| I-01 | Issue | COR review turnaround on CDRL A001 ran 5 business days over the QASP-implied cadence | C. Tyrrell | Minor schedule compression on downstream deliverables |
| A-01 | Assumption | FOPBA will provide legacy system read access within 15 days of Task Order start | C. Tyrrell | If false, migration planning start date slips |
| D-01 | Decision | Section 508 testing will use an independent government auditor rather than contractor self-attestation | M. Whitcombe (COR) | N/A — decision logged, drives CDRL A006 process |
| DEP-01 | Dependency | ATO package (CDRL A007) cannot be submitted until Section 508 report (CDRL A006) is accepted | T. Abernathy | Sequencing risk — any 508 delay cascades directly into the ATO gate |