Rapid Risk Assessment (RRA)
The Rapid Risk Assessment framework is licensed under the MPL and was originally created to rapidly formalize risk-based decision making (less than an hour ⏰).
The RRA is based on previous frameworks, but focuses on the social aspect of the risk discussions in order to favor good outcomes, rather than perfect outcomes.
It surfaces and mitigates important risks that matter to the team, rather than checking lists of controls.
Get started!
- Even if you’re a seasoned risk professional, our Risk TL;DR may pique your interest.
- Check out the Podcasts, videos, etc. to get a feel for it!
- Read the Reference Documentation, especially RRA for services.
- Play with integrations.
Origins
The RRA concept was originally created at Mozilla under the MPL by gdestuynder@ and jvehent@ (after a walk on the beach) and improved with contributions from Mozilla’s Information Security team.
Mozilla’s Information security website can be found at https://infosec.mozilla.org.
Participate
This website, reference and tools are all hosted under the MPL on https://github.com/rapidriskassessment. Please submit issues, pull-requests, etc. as necessary. You may also consult or request to participate to the high level project board or chat on Matrix.
See also CONTRIBUTORS for a list of contributors.