5.2.2 - The repository shall have implemented controls to adequately address each of the defined security risks.
Supporting Text
This is necessary in order to ensure that controls are in place to meet the security needs of the repository.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Introduction
A summary of our practices in relation to our objectives, commitments, and context. May include:
- Standards met or industry best practices employed, and their applicability to Scholars Portal; certifications achieved or audits undertaken if applicable
- Differences from standards or best practices and our rationale for those differences if applicable
- Parties involved in the creation of the document if applicable
The complete text of the SOMETHING is available through the link below. The SOMETHING fulfills all or part of this criterion by describing SOMETHING, SOMETHING, and SOMETHING. (repeat for all documents linked)
Responsibility
Digital Preservation Policy Librarian - Ensures proper functioning of overall system.
Potential Risks
Significant risks, threats, changes, or dependencies that could affect our ability to satisfy this criterion or deliver this service in the future. How are we addressing these risks?
Monitoring Commitments (delete if not needed)
How frequently we intend to monitor the situation or review the document. Mention automated reports if applicable.
Future Plans
Scholars Portal recognizes that formal security audits and third-party vulnerability assessments could be valuable.
Repository employs the codes of practice found in the ISO 27000 series of standards; system control list; risk, threat, or control analyses; and addition of controls based on ongoing risk detection and assessment. Repository maintains ISO 17799 certification.