5.2.1) The repository shall maintain a systematic analysis of security risk factors associated with data, systems, personnel, and physical plant.
|
5.2.2) The repository shall have implemented controls to adequately address each of the defined security risks.
|
5.2.3) The repository staff shall have delineated roles, responsibilities, and authorizations related to implementing changes within the system.
|
5.2.4) The repository shall have suitable written disaster preparedness and recovery plan(s), including at least one off-site backup of all preserved information together with an offsite copy of the recovery plan(s).
|