{"id":53,"date":"2026-07-05T20:39:29","date_gmt":"2026-07-05T20:39:29","guid":{"rendered":"https:\/\/wisegrid.co\/blog\/raid-log\/"},"modified":"2026-07-05T20:39:29","modified_gmt":"2026-07-05T20:39:29","slug":"raid-log","status":"publish","type":"post","link":"https:\/\/wisegrid.co\/blog\/raid-log\/","title":{"rendered":"RAID Log: What It Is, and a Template That Maintains Itself"},"content":{"rendered":"<p><em>By <a href=\"\/blog\/author\/ryan-kramer\/\">Ryan Kramer<\/a>, founder of Wisegrid. Last updated July 2026.<\/em><\/p>\n<p>A RAID log is a project management document that tracks four things in one place: <strong>Risks<\/strong> (what might go wrong), <strong>Assumptions<\/strong> (what you are treating as true), <strong>Issues<\/strong> (what has already gone wrong), and <strong>Dependencies<\/strong> (what you are waiting on, or who is waiting on you). It is reviewed on a regular cadence, usually weekly, so problems get owners and deadlines instead of living in someone\u2019s head.<\/p>\n<p>This guide covers what goes in each section, a complete template with a worked example you can copy, and the honest reason most RAID logs die (they go stale), along with a way to fix that.<\/p>\n<blockquote>\n<p><strong>Key takeaways<\/strong> \u2013 <strong>RAID stands for Risks, Assumptions, Issues, Dependencies.<\/strong> Some teams swap Assumptions for Actions; both variants are legitimate, pick one and be consistent. \u2013 <strong>Risks are future, issues are present.<\/strong> A risk might happen; an issue already has. \u2013 <strong>Every entry needs an owner and a date.<\/strong> An unowned RAID entry is a wish, not a plan. \u2013 <strong>The template below is a complete starting point.<\/strong> Columns, statuses, scoring, and a filled-in example. \u2013 <strong>Staleness is the killer.<\/strong> A RAID log nobody updates is worse than none at all, because it creates false confidence. The fix is making the log flag its own stale entries.<\/p>\n<\/blockquote>\n<nav class=\"wg-toc\" aria-label=\"Table of contents\"><div class=\"wg-toc-eyebrow\"><span class=\"lp-dot\" aria-hidden=\"true\"><\/span> On this page<\/div><ul>\n<li><a href=\"#what-is-a-raid-log\">What is a RAID log?<\/a><\/li>\n<li><a href=\"#r-is-for-risks\">R is for Risks<\/a><\/li>\n<li><a href=\"#a-is-for-assumptions\">A is for Assumptions<\/a><\/li>\n<li><a href=\"#i-is-for-issues\">I is for Issues<\/a><\/li>\n<li><a href=\"#d-is-for-dependencies\">D is for Dependencies<\/a><\/li>\n<li><a href=\"#the-raid-log-template\">The RAID log template<\/a><\/li>\n<li><a href=\"#a-complete-worked-example\">A complete worked example<\/a><\/li>\n<li><a href=\"#how-to-run-a-raid-log-that-survives\">How to run a RAID log that survives<\/a><\/li>\n<li><a href=\"#a-raid-log-that-maintains-itself\">A RAID log that maintains itself<\/a><\/li>\n<li><a href=\"#faq\">FAQ<\/a><\/li>\n<\/ul><\/nav>\n<h2 id=\"what-is-a-raid-log\">What is a RAID log?<\/h2>\n<p>A RAID log (sometimes called a RAID register) is a single living document where a project team records its risks, assumptions, issues, and dependencies. It usually lives as a spreadsheet or a sheet in a work management tool, with one row per entry and columns for description, owner, severity, status, and dates. Its job is to be the one place the project manager and stakeholders look to answer \u201cwhat could hurt this project, and what are we doing about it?\u201d<\/p>\n<p>It gets its power from three habits: everything gets written down when it is raised (not when it becomes urgent), every entry has exactly one accountable owner, and the log is reviewed on a fixed cadence, typically at the weekly project meeting.<\/p>\n<p>You will also see the variant where the A stands for <strong>Actions<\/strong> instead of Assumptions (a running list of agreed to-dos with owners and due dates). There is no official standard; the four-category Risks, Assumptions, Issues, Dependencies version is the most common, and it is the one this guide uses.<\/p>\n<h2 id=\"r-is-for-risks\">R is for Risks<\/h2>\n<p>A risk is a <strong>possible future event<\/strong> that would hurt the project if it happened: a key engineer might leave, a vendor might ship late, the client might delay sign-off. The cheap time to deal with a risk is before it materializes.<\/p>\n<p>For each risk, capture:<\/p>\n<ul>\n<li><strong>Description<\/strong>, written as cause and effect: \u201cBecause the vendor\u2019s API is still in beta, integration testing may slip past March 15.\u201d<\/li>\n<li><strong>Likelihood<\/strong> (1 to 5, or Low\/Medium\/High): how probable is it?<\/li>\n<li><strong>Impact<\/strong> (1 to 5): how bad would it be?<\/li>\n<li><strong>Score<\/strong>: likelihood multiplied by impact. This is how you sort the log so the top of the list is always the scariest item.<\/li>\n<li><strong>Mitigation<\/strong>: what you are doing now to make it less likely or less painful.<\/li>\n<li><strong>Owner<\/strong> and a <strong>next review date<\/strong>.<\/li>\n<\/ul>\n<p>Two pieces of hard-won guidance. First, resist logging vague worries (\u201cthe timeline is aggressive\u201d) as risks; a risk you cannot mitigate or watch is background anxiety, not a log entry. Second, when a risk materializes, do not delete it: close it as \u201coccurred\u201d and open a linked issue.<\/p>\n<h2 id=\"a-is-for-assumptions\">A is for Assumptions<\/h2>\n<p>An assumption is something you are <strong>treating as true without proof<\/strong> because the plan depends on it: \u201cthe client will provide test data by week 2,\u201d \u201cthe current infrastructure will handle launch traffic.\u201d<\/p>\n<p>Assumptions are the quietest project killers because nobody feels responsible for them. The discipline that works: write the assumption down the moment you hear yourself say \u201cwe\u2019re assuming\u2026\u201d, then give it a <strong>validation owner<\/strong> and a <strong>validate-by date<\/strong>. An assumption is a question with a deadline. When validated, mark it confirmed; when it turns out false, that usually spawns a risk or an issue immediately, and the earlier you find out, the cheaper it is.<\/p>\n<p>A good test during planning: for every major estimate, ask \u201cwhat would have to be true for this number to hold?\u201d Each answer is an assumption that belongs in the log.<\/p>\n<h2 id=\"i-is-for-issues\">I is for Issues<\/h2>\n<p>An issue is a problem that is <strong>happening now<\/strong> and needs resolution: the vendor did ship late, the environment is down, scope disagreement has stalled sign-off. Where risks are managed, issues are worked.<\/p>\n<p>For each issue, capture the <strong>description<\/strong> and <strong>date raised<\/strong>, a <strong>severity<\/strong> (Critical \/ High \/ Medium \/ Low, based on impact on the project\u2019s commitments, not on how loud the person who raised it was), an <strong>owner<\/strong>, the <strong>current action<\/strong>, and a <strong>status<\/strong> (Open \/ In progress \/ Resolved \/ Escalated).<\/p>\n<p>The most useful issue-log habit is writing the current action as a real sentence with a name and a date (\u201cDana chasing revised delivery date from vendor, answer due July 9\u201d) instead of a status word. When the review meeting reads the log, \u201cIn progress\u201d invites silence; a named action with a date invites a yes\/no answer.<\/p>\n<h2 id=\"d-is-for-dependencies\">D is for Dependencies<\/h2>\n<p>A dependency is anything where <strong>your work waits on someone else, or someone else waits on you<\/strong>: a deliverable from another team, a client decision, a compliance approval. Log both directions; forgetting outbound dependencies (things others need from you) is how you become the blocker in someone else\u2019s RAID log.<\/p>\n<p>For each dependency, capture the <strong>description<\/strong> and <strong>direction<\/strong> (inbound or outbound), the <strong>other party<\/strong> named specifically (\u201cIT\u201d is not a party; \u201cPriya on the platform team\u201d is), the <strong>needed-by date<\/strong>, a <strong>status<\/strong> (On track \/ At risk \/ Late \/ Delivered), and the <strong>owner<\/strong> on your team responsible for chasing it.<\/p>\n<p>Anything within two weeks of its needed-by date that is not confirmed should be treated as at-risk by default.<\/p>\n<h2 id=\"the-raid-log-template\">The RAID log template<\/h2>\n<p>One sheet, one row per entry, these columns. A single combined log with a Type column beats four separate tabs, because the weekly review reads one list, sorted by score and date, instead of four.<\/p>\n<div class=\"wg-table-wrap\"><table>\n<thead>\n<tr>\n<th>Column<\/th>\n<th>What goes in it<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>ID<\/td>\n<td>Sequential (R-01, A-01, I-01, D-01) so entries can be referenced in meetings<\/td>\n<\/tr>\n<tr>\n<td>Type<\/td>\n<td>Risk \/ Assumption \/ Issue \/ Dependency<\/td>\n<\/tr>\n<tr>\n<td>Description<\/td>\n<td>One or two sentences, cause and effect where possible<\/td>\n<\/tr>\n<tr>\n<td>Raised by \/ date<\/td>\n<td>Who logged it and when<\/td>\n<\/tr>\n<tr>\n<td>Likelihood (1-5)<\/td>\n<td>Risks only<\/td>\n<\/tr>\n<tr>\n<td>Impact (1-5)<\/td>\n<td>Risks and issues<\/td>\n<\/tr>\n<tr>\n<td>Score<\/td>\n<td>Likelihood x impact; sort the log by this<\/td>\n<\/tr>\n<tr>\n<td>Severity<\/td>\n<td>Issues: Critical \/ High \/ Medium \/ Low<\/td>\n<\/tr>\n<tr>\n<td>Owner<\/td>\n<td>Exactly one name<\/td>\n<\/tr>\n<tr>\n<td>Action \/ mitigation<\/td>\n<td>The current next step, as a sentence with a date<\/td>\n<\/tr>\n<tr>\n<td>Needed-by \/ validate-by<\/td>\n<td>Dependencies and assumptions<\/td>\n<\/tr>\n<tr>\n<td>Status<\/td>\n<td>Open \/ In progress \/ Resolved \/ Confirmed \/ Occurred \/ Closed<\/td>\n<\/tr>\n<tr>\n<td>Next review date<\/td>\n<td>When this entry must be looked at again<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<h2 id=\"a-complete-worked-example\">A complete worked example<\/h2>\n<p>Here is what a healthy RAID log looks like mid-project, for a fictional website replatforming:<\/p>\n<div class=\"wg-table-wrap\"><table>\n<thead>\n<tr>\n<th>ID<\/th>\n<th>Type<\/th>\n<th>Description<\/th>\n<th>L<\/th>\n<th>I<\/th>\n<th>Score<\/th>\n<th>Owner<\/th>\n<th>Action \/ mitigation<\/th>\n<th>Status<\/th>\n<th>Next review<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>R-01<\/td>\n<td>Risk<\/td>\n<td>Payment vendor\u2019s new API is in beta; integration may slip past Mar 15<\/td>\n<td>3<\/td>\n<td>4<\/td>\n<td>12<\/td>\n<td>Dana<\/td>\n<td>Weekly checkpoint with vendor; fallback to current API scoped by Feb 20<\/td>\n<td>Open<\/td>\n<td>Jul 10<\/td>\n<\/tr>\n<tr>\n<td>R-02<\/td>\n<td>Risk<\/td>\n<td>Only one engineer knows the legacy CMS export format<\/td>\n<td>2<\/td>\n<td>5<\/td>\n<td>10<\/td>\n<td>Marcus<\/td>\n<td>Pairing sessions booked; export runbook due Jul 18<\/td>\n<td>Open<\/td>\n<td>Jul 14<\/td>\n<\/tr>\n<tr>\n<td>R-03<\/td>\n<td>Risk<\/td>\n<td>Content migration volume may exceed the agency\u2019s estimate<\/td>\n<td>3<\/td>\n<td>3<\/td>\n<td>9<\/td>\n<td>Ana<\/td>\n<td>Sample audit of 10% of pages runs this week to re-baseline<\/td>\n<td>Open<\/td>\n<td>Jul 11<\/td>\n<\/tr>\n<tr>\n<td>A-01<\/td>\n<td>Assumption<\/td>\n<td>Client provides final brand assets by Jul 21<\/td>\n<td><\/td>\n<td><\/td>\n<td><\/td>\n<td>Ana<\/td>\n<td>Confirm in Thursday\u2019s client call; validate by Jul 17<\/td>\n<td>Open<\/td>\n<td>Jul 17<\/td>\n<\/tr>\n<tr>\n<td>A-02<\/td>\n<td>Assumption<\/td>\n<td>Current hosting tier handles launch-week traffic<\/td>\n<td><\/td>\n<td><\/td>\n<td><\/td>\n<td>Marcus<\/td>\n<td>Load test scheduled Jul 25<\/td>\n<td>Open<\/td>\n<td>Jul 25<\/td>\n<\/tr>\n<tr>\n<td>I-01<\/td>\n<td>Issue<\/td>\n<td>Staging environment down since Jul 2; blocking QA<\/td>\n<td><\/td>\n<td>4<\/td>\n<td><\/td>\n<td>Marcus<\/td>\n<td>Ticket escalated to hosting provider Jul 3; answer due Jul 8<\/td>\n<td>Escalated<\/td>\n<td>Jul 8<\/td>\n<\/tr>\n<tr>\n<td>I-02<\/td>\n<td>Issue<\/td>\n<td>Client and agency disagree on blog template scope<\/td>\n<td><\/td>\n<td>3<\/td>\n<td><\/td>\n<td>Ana<\/td>\n<td>Scope options doc to client sponsor by Jul 9 for a decision<\/td>\n<td>In progress<\/td>\n<td>Jul 9<\/td>\n<\/tr>\n<tr>\n<td>D-01<\/td>\n<td>Dependency (in)<\/td>\n<td>Legal approval of new privacy copy, needed before launch<\/td>\n<td><\/td>\n<td><\/td>\n<td><\/td>\n<td>Dana<\/td>\n<td>Submitted Jun 30; legal committed to Jul 15; chase Jul 11<\/td>\n<td>On track<\/td>\n<td>Jul 11<\/td>\n<\/tr>\n<tr>\n<td>D-02<\/td>\n<td>Dependency (out)<\/td>\n<td>Analytics team needs our event schema by Jul 20<\/td>\n<td><\/td>\n<td><\/td>\n<td><\/td>\n<td>Marcus<\/td>\n<td>Draft schema in review; deliver by Jul 16<\/td>\n<td>On track<\/td>\n<td>Jul 12<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>Notice what makes this log useful rather than ceremonial: every row has one named owner, every action is a sentence with a date in it, risks are sorted by score, and every single entry has a next review date. That last column is the one most templates leave out, and it is the one that decides whether the log survives.<\/p>\n<h2 id=\"how-to-run-a-raid-log-that-survives\">How to run a RAID log that survives<\/h2>\n<ul>\n<li><strong>Review weekly, top to bottom, sorted by score and date.<\/strong> Ten minutes in the regular project meeting. Every open entry gets one of three outcomes: the action advanced, the action changed, or the entry closed.<\/li>\n<li><strong>Log at the moment of mention.<\/strong> When someone says \u201cone thing I\u2019m worried about\u2026\u201d in a meeting, that is a risk being raised. Capture it then.<\/li>\n<li><strong>Close aggressively.<\/strong> A 60-row log where 40 rows are dead is unreadable. Resolved issues, confirmed assumptions, and delivered dependencies get closed with a one-line outcome.<\/li>\n<li><strong>Escalate by rule, not by mood.<\/strong> Decide up front what escalates automatically: any risk scoring 15+, any Critical issue open more than 5 days, any dependency late by more than a week.<\/li>\n<li><strong>Make the log the source for status reporting.<\/strong> The status report\u2019s \u201ctop risks and issues\u201d section should be pulled from the log, not rewritten from memory. If the two can disagree, one of them is fiction.<\/li>\n<\/ul>\n<p>And the honest failure mode: nearly every RAID log starts strong and dies around week six, when the review gets skipped twice and nobody trusts the dates anymore. The next-review-date column only works if something actually happens when the date passes.<\/p>\n<h2 id=\"a-raid-log-that-maintains-itself\">A RAID log that maintains itself<\/h2>\n<p>This is the part a spreadsheet cannot do and a work management grid can. Build the same log as a Wisegrid sheet and the maintenance runs on autopilot: date-triggered <a href=\"\/features\/automations\">automations<\/a> catch every entry whose next-review date has passed and notify its owner (with a full run history showing every time it fired), a <a href=\"\/features\/dashboards\">dashboard<\/a> rolls up open risks and issues by score and severity so stakeholders stop asking for a summary, and cross-sheet references pull the top items straight into your status report sheet so the report can never drift from the log.<\/p>\n<p>The step-by-step build, with the exact triggers, conditions, and dashboard widgets, is in the companion guide: <strong><a href=\"https:\/\/wisegrid.co\/guides\/build-a-raid-log\">How to build a self-maintaining RAID log in Wisegrid<\/a><\/strong>.<\/p>\n<h2 id=\"faq\">FAQ<\/h2>\n<h3 id=\"what-does-raid-stand-for-in-project-management\">What does RAID stand for in project management?<\/h3>\n<p>Risks, Assumptions, Issues, and Dependencies. A RAID log is the document that tracks all four in one place, with an owner, a status, and a review date on every entry.<\/p>\n<h3 id=\"what-is-the-difference-between-a-raid-log-and-a-risk-register\">What is the difference between a RAID log and a risk register?<\/h3>\n<p>A risk register covers only risks, usually in more depth (categories, response strategies, contingency budgets). A RAID log is broader but lighter: it adds assumptions, issues, and dependencies in the same list. Many teams run a RAID log day to day and keep a formal risk register only when the organization or contract requires one.<\/p>\n<h3 id=\"what-is-the-difference-between-a-risk-and-an-issue\">What is the difference between a risk and an issue?<\/h3>\n<p>Timing. A risk might happen; an issue is happening. When a risk materializes, close it as \u201coccurred\u201d and open a linked issue with an action and an owner.<\/p>\n<h3 id=\"does-the-a-stand-for-assumptions-or-actions\">Does the A stand for Assumptions or Actions?<\/h3>\n<p>Both variants exist and neither is wrong. Assumptions is the more common reading and the more valuable one in our experience, because actions usually already live in your task list, while assumptions live nowhere unless the RAID log holds them.<\/p>\n<h3 id=\"who-owns-the-raid-log\">Who owns the RAID log?<\/h3>\n<p>The project manager owns the log itself: its completeness, cadence, and hygiene. Each entry has its own owner, and that should rarely be the PM for everything; distributed ownership keeps the review meeting from being one person reading a list at everyone else.<\/p>\n<h3 id=\"how-often-should-a-raid-log-be-reviewed\">How often should a RAID log be reviewed?<\/h3>\n<p>Weekly for most projects, as a standing agenda item. High-tempo phases (launch week, a critical integration) justify a daily skim of Critical and High items.<\/p>\n<hr>\n<h3 id=\"build-a-raid-log-that-keeps-itself-honest\">Build a RAID log that keeps itself honest<\/h3>\n<p>Start free, copy the template above into a sheet, and let automations chase the review dates so you never have to.<\/p>\n<p><strong><a href=\"\/signup\">Start free \u2192<\/a><\/strong> \u00b7 <a href=\"https:\/\/wisegrid.co\/guides\/build-a-raid-log\">How to build it in Wisegrid \u2192<\/a> \u00b7 <a href=\"\/blog\/capacity-planning-template\">Capacity planning template \u2192<\/a><\/p>\n<hr>\n<blockquote>\n<p><strong>About the author<\/strong> <strong><a href=\"\/blog\/author\/ryan-kramer\/\">Ryan Kramer<\/a><\/strong> is the founder of Wisegrid, a higher-capacity Smartsheet alternative built around a 1,000,000-cell-per-sheet grid, date-triggered automations with run history, and cross-sheet reporting. He writes about the project management documents teams actually keep updated. <a href=\"\/blog\/author\/ryan-kramer\/\">More from Ryan \u2192<\/a><\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>By Ryan Kramer, founder of Wisegrid. Last updated July 2026. A RAID log is a project management document that tracks four things in one place: Risks (what might go wrong), Assumptions (what\u2026<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-53","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/wisegrid.co\/blog\/wp-json\/wp\/v2\/posts\/53","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wisegrid.co\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wisegrid.co\/blog\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/wisegrid.co\/blog\/wp-json\/wp\/v2\/comments?post=53"}],"version-history":[{"count":0,"href":"https:\/\/wisegrid.co\/blog\/wp-json\/wp\/v2\/posts\/53\/revisions"}],"wp:attachment":[{"href":"https:\/\/wisegrid.co\/blog\/wp-json\/wp\/v2\/media?parent=53"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wisegrid.co\/blog\/wp-json\/wp\/v2\/categories?post=53"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wisegrid.co\/blog\/wp-json\/wp\/v2\/tags?post=53"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}