5.2 – Security Risk Management
- 5.2.1 - The repository shall maintain a systematic analysis of security risk factors associated with data, systems, personnel, and physical plant.
- 5.2.2 -The repository shall have implemented controls to adequately address each of the defined security risks.
- 5.2.3 - The repository staff shall have delineated roles, responsibilities, and authorizations related to implementing changes within the system.
- 5.2.4 - The repository shall have suitable written disaster preparedness and recovery plan(s), including at least one off-site backup of all preserved information together with an off-site copy of the recovery plan(s).