Risk Register (Firemen’s v. Sorenson (Marriott derivative))
Purpose
This register captures material risks highlighted by Firemen’s v. Sorenson (Marriott derivative) with severity, impact pathway, mitigation plan, and evidence expectations. It is intended for ongoing governance and audit use so risk acceptance, remediation progress, and accountability remain explicit over time.
Risk Register
MNA-DIL-01 — Diligence-to-integration traceability gap
- Severity: High
- Description: Cyber diligence findings from the acquisition process are not consistently traced to post-close controls.
- Impact: Oversight and fiduciary narrative risk in derivative litigation.
- Mitigation: Integration scorecard with owner accountability and closure deadlines.
- Evidence: Diligence findings tracker, integration plans, closure evidence.
BOARD-MET-02 — Board metric quality insufficiency
- Severity: High
- Description: Generic reporting obscures material cyber risk trends and remediation status.
- Impact: Weak oversight evidence under litigation scrutiny.
- Mitigation: Standardized board KPI pack with critical finding age and incident trends.
- Evidence: Board packs, metric definitions, committee minutes.
LEGACY-CTRL-03 — Legacy environment control inconsistency
- Severity: High
- Description: Inherited system differences create uneven IAM/logging/segmentation controls.
- Impact: Residual breach risk and prolonged remediation.
- Mitigation: Prioritized hardening roadmap with dated exceptions and validation testing.
- Evidence: Architecture exception logs, test reports, remediation tickets.
FRANCHISE-04 — Franchise and partner access governance gaps
- Severity: Medium
- Description: Decentralized partner access expands trust-boundary risk.
- Impact: Potential unauthorized access and evidence complexity.
- Mitigation: Vendor/partner tiering, access reviews, contractual control requirements.
- Evidence: Vendor assessments, access attestations, contract clauses.
DISC-READY-05 — Derivative discovery readiness shortfalls
- Severity: Medium
- Description: Inconsistent evidence mapping slows counsel response and weakens posture.
- Impact: Higher legal cost and adverse procedural pressure.
- Mitigation: Unified evidence index and privilege-aware document workflow.
- Evidence: Evidence catalog, legal hold records, response-time metrics.