diff --git a/EthicsGuidesandDocuments/T32025/Risk Register(1).xlsx b/EthicsGuidesandDocuments/T32025/Risk Register(1).xlsx new file mode 100644 index 0000000..d212c2c Binary files /dev/null and b/EthicsGuidesandDocuments/T32025/Risk Register(1).xlsx differ diff --git a/EthicsGuidesandDocuments/T32025/Risk Register.csv b/EthicsGuidesandDocuments/T32025/Risk Register.csv new file mode 100644 index 0000000..d9d7586 --- /dev/null +++ b/EthicsGuidesandDocuments/T32025/Risk Register.csv 
@@ -0,0 +1,31 @@ +Risk ID,Risk Description,Project/Area,Category,Likelihood (1-5),Impact (1-5),Risk Rating,Mitigation Strategy,Owner,Status,Review Date,Registry (Permissions), +CY-01,SIEM logs may capture unnecessary personal data,Cybersecurity,Privacy,4,5,20,"Reduce log verbosity, apply masking, retention limits",Cybersecurity Lead,Mitigating,20-12-2025,Edit (Cybersecurity Lead), +CY-02,Improper access control may expose sensitive incident data,Cybersecurity,Security,3,5,15,"Role-based access, audit logs, encryption",Security Architect,Open,15-01-2026,Restricted (Leadership Only), +CY-03,False positives may cause unnecessary investigations,Cybersecurity,Fairness / Misuse,3,4,12,"Tune detection rules, validate alerts",SOC Team,Monitoring,30-12-2025,View Only, +SOC-01,Network monitoring may reveal employee behaviour patterns,SOC,Privacy,3,4,12,"Minimise behavioural analytics, enforce strict access controls",SOC Manager,Monitoring,22-12-2025,Restricted (SOC Manager Only), +SOC-02,Over-monitoring may result in perceived surveillance,SOC,Transparency / Consent,2,5,10,"Publish monitoring policy, limit scope",Compliance Officer,Open,10-01-2026,Edit (Compliance Team), +SOC-03,Analysts may misinterpret alerts and escalate incorrectly,SOC,Accountability,3,3,9,"Training, review process, dual-analysis for high-impact alerts",SOC Lead,Open,05-01-2026,View Only, +WR-01,Wearables may incorrectly predict health emergencies,Wearables,Safety,3,5,15,"Medical review, improve thresholds, expand test datasets",Wearables Lead,Open,10-01-2026,Edit (Wearables Lead), +WR-02,Location data collected without user awareness,Wearables,Consent / Privacy,2,5,10,"Add explicit consent flow, reduce telemetry",Wearables UX Lead,Mitigating,20-01-2026,Edit (UX Lead), +WR-03,Data sent to cloud may expose sensitive metrics,Wearables,Sensitive Data,2,5,10,"Encrypt in transit/at rest, minimise fields",Security Architect,Open,15-01-2026,Restricted (Security Only), +AI-01,Training data may introduce bias 
into predictions,ML/AI,Bias / Fairness,4,4,16,"Fairness testing, balanced training datasets",ML Lead,Open,01-02-2026,Edit (ML Lead), +AI-02,Model decisions may be opaque or difficult to explain,ML/AI,Transparency,3,4,12,Implement SHAP/LIME explainability,ML Team,Open,22-01-2026,View Only, +AI-03,Model may be misused outside intended purpose,ML/AI,Misuse,2,5,10,"Usage constraints, documentation, access controls",AI Product Owner,Monitoring,30-01-2026,Restricted (Leadership Only), +IoT-01,Device telemetry may leak sensitive data,IoT,Sensitive Data,2,5,10,"Encrypt telemetry, reduce fields",IoT Lead,Open,05-01-2026,Restricted (Security Only), +IoT-02,Firmware updates may fail and brick devices,IoT,Safety,2,4,8,"Staged rollouts, rollback support",Firmware Engineer,Mitigating,10-02-2026,Edit (Firmware Lead), +IoT-03,Devices may track users without explicit consent,IoT,Consent,3,5,15,"Opt-in flow, allow disabling tracking",IoT UX Lead,Open,18-01-2026,Edit (UX Lead), +DE-01,Data warehouse stores unnecessary identifiers,Data Engineering,Data Minimisation,3,4,12,"Anonymise data, remove unused columns",Data Eng Lead,Mitigating,15-01-2026,Edit (Data Eng Lead), +DE-02,Pipelines may re-identify users when datasets combine,Data Engineering,Privacy,3,5,15,"Apply k-anonymity, auditing",Privacy Engineer,Open,01-02-2026,Restricted (Privacy Team), +DE-03,Lack of lineage may cause misuse of historical data,Data Engineering,Transparency,2,4,8,Add lineage tracking and documentation,Data Team,Monitoring,25-01-2026,View Only, +WD-01,API responses may expose unnecessary user data,Web Dev,Privacy,3,5,15,"Limit API fields, field-level security",Backend Lead,Open,30-12-2025,Edit (Backend Lead), +WD-02,Poor consent UI may mislead users,Web Dev,Transparency / Consent,3,4,12,"Redesign UI, clearer messaging",Frontend Lead,Open,12-01-2026,Edit (Design Lead), +WD-03,Auth flow may leak info via error messaging,Web Dev,Security,2,4,8,Standardised error responses,Security 
Engineer,Monitoring,20-01-2026,Restricted (Security Only), +OR-01,CV system may misidentify athletes,Project Orion,Bias / Fairness,3,4,12,"Diverse datasets, audits",Orion Lead,Open,15-12-2025,Edit (Orion Lead), +OR-02,Camera feeds may capture bystanders,Project Orion,Privacy,2,5,10,"Blur non-athletes, restrict zones",Vision Engineer,Monitoring,10-01-2026,Restricted (Leadership Only), +OR-03,Tracking may be repurposed for surveillance,Project Orion,Misuse,2,5,10,"Usage rules, access limitations",Project Manager,Open,22-01-2026,View Only, +INFRA-01,"Misconfigured S3 buckets, databases, or IAM policies may expose sensitive fitness/health data to public access",Infrastructure,Security / Privacy,4,5,20,"Infrastructure-as-Code reviews, automated config scanning (AWS Config/Security Hub), least privilege IAM policies, regular cloud security audits",Cloud Security Lead,Open,01-02-2026,Restricted (Security Only), +BC-01,"Ransomware attack may encrypt critical systems, wearable device infrastructure, and customer data, halting operations",Business Continuity,Saftey / Privacy,3,5,15,CISO,Owner,Open,25-01-2026,Restricted (Leadership Only), +IAM-02,"Former employees, contractors, or unused service accounts may retain access to systems containing sensitive user data",Identity & Access Management,Security ,4,4,16,"Automated deprovisioning workflows, quarterly access reviews, identity lifecycle management, least privilege enforcement, privileged access monitoring",Security Architect,Open,30-01-2026,Edit (Security Lead), +COMP-01,"Fitness/health data processing may violate GDPR, Australian Privacy Act, or other regulations due to inadequate consent, retention, or security controls",Compliance & Governance,Privacy / Transparency,3,5,15,"Conduct Privacy Impact Assessments (PIAs), appoint Data Protection Officer, implement data subject rights workflows, document legal basis for processing, regular compliance audits",Compliance Officer,Open,15-02-2026,Restricted (Leadership Only), 
+APPSEC-01,"SQL injection, XSS, or API injection flaws in web dashboards or mobile apps may allow unauthorized data access or system compromise",Application Security,Security,3,5,15,"Input validation and sanitization, parameterized queries, security testing in CI/CD pipeline (SAST/DAST), OWASP Top 10 training for developers, Web Application Firewall (WAF)",Backend Lead,Open,28-01-2026,Edit (Backend Lead), +,,,,,,,,,,,,
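Review bot: `Risk Register(1).xlsx` is committed as a binary alongside `Risk Register.csv` with the same base name; the "(1)" suffix looks like a browser download duplicate, and keeping both means two copies of the register that will drift apart and cannot be diffed against each other. Suggest committing only the CSV (reviewable line by line in later PRs) or, if the spreadsheet is the source of truth, renaming it without the "(1)" suffix and regenerating the CSV from it so the two never diverge.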
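Review bot: the BC-01 row is misaligned from the Mitigation Strategy column onward; it reads `...,Saftey / Privacy,3,5,15,CISO,Owner,Open,25-01-2026,...`, so Mitigation Strategy holds "CISO", Owner holds the literal word "Owner", and the ransomware risk has no recorded mitigation at all, even though it is rated 15 and is the only row touching business continuity. Suggest filling in the actual mitigation, moving CISO into the Owner column and fixing "Saftey" to "Safety" so the row has the same 13 fields as its neighbours. Smaller points in the same hunk: IAM-02 is the only IAM row (there is no IAM-01), so either the numbering is off or a row was dropped, and its Category "Security " carries a trailing space that will not match "Security" in a filter; the "IoT-" prefix is mixed case while every other prefix is upper case; the header ends with a trailing comma, giving an unnamed 13th column, and the final line `+,,,,,,,,,,,,` is an all-empty row, both of which a CSV loader will surface as an extra column and a blank record; review dates are DD-MM-YYYY, which sorts wrongly as text and is ambiguous next to ISO 8601; and in several rows the role in Registry (Permissions) differs from Owner (WD-02 Frontend Lead vs Edit (Design Lead), IAM-02 Security Architect vs Edit (Security Lead), IoT-02 Firmware Engineer vs Edit (Firmware Lead)), which is worth confirming is intentional rather than a copy error. The Risk Rating values do check out as Likelihood x Impact in every row.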