5.1.1.6.1 - The repository shall have a documented change management process that identifies changes to critical processes that potentially affect the repository's ability to comply with its mandatory responsibilities.

Security scans are routinely performed on Merritt services; detected vulnerabilities are reviewed by the CDL's Infrastructure and Application Support (IAS) services group and UC3 staff, to assess the degree of urgency to implement patches.