I believe that information should be as accessible as possible in a project context to get the maximum benefit. However, one area where this can become tricky is the information contained on a risk register.
For example - there could be a risk that a key member of the project team (critical to the success of the project) leaves the company - with the associated impact on deliverables. The probability may be rated as high due to information about the team member, or the demand for their skillset in the local area.
It’s unlikely that any response strategy (e.g. lining up a different resource) will be best communicated via a risk register.
So, we have a dilemma – do we record this risk in a register accessible to the whole project team? Do we control access to the whole risk register? Do we maintain a separate risk register for entries with sensitive information?
I’d love to hear how others are managing access to dynamic, potentially sensitive information, but hopefully without hiding information away in a dusty vault or generating excessive admin overheads?
