10.1. Risk Matrix

Risk ID	Risk Description	Likelihood (1-5)	Impact (1-5)	Mitigation Strategy
R-01	UBI Network Network API Downtime: External service is unavailable.	3 (Moderate)	5 (Critical)	Implement retry logic with exponential backoff. Use a fallback cache to display benefit listings if the search API is down.
R-02	Data Security Breach: Sensitive PII is exposed.	2 (Low)	5 (Critical)	Enforce data encryption at rest and in transit. Conduct regular security audits and penetration testing. Follow a strict RBAC policy.
R-03	Low User Adoption: Beneficiaries do not use the app.	4 (High)	4 (High)	A comprehensive marketing and outreach strategy. In-app tutorials and a simplified user experience.
R-04	Integration Failures: The VC verification SDK fails.	3 (Moderate)	4 (High)	Implement robust error handling and logging. Create a manual override for providers to process applications if the SDK is unavailable.
R-05	Scope Creep: Project scope expands beyond initial plan.	3 (Moderate)	3 (Medium)	A formal change request process must be followed for any new features. All changes must be approved by the project sponsor.