Cupburger Risk Assessment Policy
Risk Assessment V1.1
November 2025
This is a basic risk assessment for the Cupburger Collective’s activities. It uses a simplified risk assessment format that outlines the likelihood (1 is very unlikely, 3 is highly likely) and severity (1 is not severe, 3 is very severe) of the risk identified. It then summarises the process to follow should this event happen.
Risk: Disagreement within the group – minor e.g. a disagreement with a decision but that can be talked out relatively easily.
Likelihood (1-3): 3
Severity (1-3): 1
Process: If consensus isn’t reached on a decision in Discord or on a call, we will invite the people who don’t agree to raise their points, and we will discuss until we either get a consensus or move to disagree – significant process.
Risk: Corned beef – David has successfully mitigated this risk.
Likelihood (1-3): n/a
Severity (1-3): n/a
Process: n/a
Risk: Disagreement within the group – significant. E.g. A rift between two groups or individuals or a mix of these that cannot be resolved by previous process.
Likelihood (1-3): 2
Severity (1-3): 2
Process: Follow the complaints process below to try to find resolution.
Risk: Fund is attacked/targeted on social media e.g.
Someone in community takes issue with the fund and takes to social media to try to delegitimize the fund, or they aren’t funded and take issue, etc.
Right wing group attacks us.
Or someone posts about what has happened in a meeting (see code of conduct for when this is OK).
Likelihood (1-3): 1
Severity (1-3): 3
Process: We will update this section as our process evolves, but essentially in this situation our approach is:
Ensure our social media accounts don’t follow anyone and turn off DMs.
Ensure our social media signposts to website.
Use auto-reply.
Ensure two factor is on and we have followed sensible security protocols.
Release a message if needed.
Risk: Accusation is made towards someone in the community e.g. of abuse, bullying, harassment, taking money.
Likelihood (1-3): 2
Severity (1-3): 3
Process: Follow complaints process below.
Risk: Group is contacted by the media or receives media attention.
Likelihood (1-3): 1
Severity (1-3): 2
Process: We assume this would generally be via our social media channels.
Approach is: do not respond to the contact, and immediately mention it on the Discord. We will then agree as a group what to do, if anything.
Risk: Fund or platform has a cybersecurity attack or data breach.
Likelihood (1-3): 1
Severity (1-3): 3
Process: We do not collect any payment information directly through this website, as all financial transactions are handled externally through Open Collective.
We only collect limited personal data from people who contact us or submit forms (for example, via email or project applications), as described in our Privacy Policy. All donations and grant requests are handled through the Open Collective platform.
You can find out more about Open Collective Security here: https://docs.opencollective.com/help/product/security
You can also read the Open Collective Privacy Policy here: https://opencollective.com/privacypolicy
Our own Privacy Policy can be found here: https://www.cupburger.org/policies/privacy-policy/
While we do not expect a data breach, if any issues occur we will follow the advice of Open Collective, remain transparent and alert anyone who may be at risk.
* Excluding login cookies for website admins, editors and contributors who are members of our community.
Our approach to conflict, complaints and accusations:
Our approach is always to talk things out in Discord chat or call whenever possible. Where this cannot be resolved this way (as outlined in the risk assessment above) we will follow our complaints process.
Complaints/accusation of abuse flowchart:
Flowchart Coming Soon.
All our approaches to conflict align with our code of conduct and are aimed at using a restorative justice approach.
Complaints/issues (internally):
- If someone has a complaint or issue to raise, they can send an email: If you have a complaint/issue to raise that you feel needs hearing, please send an email to the inbox titled ‘complaint’ saying the following:I have a complaint /issue to raise regarding XX and would like to schedule a meeting about it.
- At this point the call goes out, and the fact finding meeting is arranged as soon as possible bearing in mind everyone’s status as volunteers, and a reply will be sent as soon as possible. At this stage the person against whom the issue is raised will be asked to pause their work on Cupburger while we investigate, this does not mean they are removed from the Discord, it is purely for the protection of the process and Cupburger.
- At this point roles can be setup so the meetings can take place in Discord safely. Ideally the conversation would take place between the two parties. If this is not possible we will speak to the two parties separately and gather the facts before coming to a suggested outcome.
- At the meeting, the complainant or other party can bring a friend/advocate to help them articulate their thoughts – bearing in mind everyone in the meeting needs to be part of the mutual aid community.The people involved in the investigation will strive to approach the conversations as fresh as possible, with only fact seeking and reconciliation in mind.The aim of the meeting is to come to a broadly positive or constructive resolution for both parties. Any notes or communications about a complaint are kept confidential and only shared with those directly involved in handling the issue. We delete or anonymise these records once the process is concluded, unless we are legally required to retain them. If the other party does not agree to attend the meeting it will go ahead without them, and a decision will be made for a resolution in the meeting. We will allow one cancellation in some instances – this will be decided on a case-by-case basis. Equally, the issue/complaint will not be continued if the person raising the issue does not attend the meeting.If after sufficient effort a resolution cannot be agreed between the parties, a resolution will be agreed by a wider group at a big meeting, at which point this decision will be final.The wider group would be informed that a process has been followed and that a successful resolution was agreed at the next big meeting.If someone has been removed from the community and they wish to rejoin, they may have an opportunity to do so – this will be decided on a case-by-case basis. However we are open to people’s possibility to apologise, grow and change. If a Finance Admin is removed, we will immediately secure all financial accounts by changing passwords and removing their access. (In Cupburger terms: mild panic, followed by prompt action.)
Complaints/issue – external:
- If complaining about the fund: we will have a set response via email for people who aren’t successful in accessing the fund. If this escalates we follow the ‘fund is attacked on social media’ process in the risk assessment. If any email needs to be written that is not the set response, at least 2 members of the community should read it and agree the content.
- If complaining about an individual involved in the fund: follow the same process as above but with people not in the same meeting. Undertake two separate fact finding calls. Utilise safeguarding policy if needed – this will depend on the case. Aim is to come to a satisfactory resolution. If an incident is a safeguarding concern we do not investigate, we report it as a safeguarding issue. For these situations suggest we immediately talk to people in the community who are more confident in safeguarding concerns to agree next steps.
For very minor issues: we look into it, make a decision, and give a response.
For anything illegal currently happening/recently – follow safeguarding policy.
For very serious issues including historical issues e.g. abuse, bullying, harassment we will approach these on a case-by-case basis, following the ‘major disagreement’ process and/or safeguarding process. These will need to be discussed.
Last updated: 06 November 2025