changes.mady.by.user Karl Nilsen
Saved on Sep 01, 2011
5.2.1) The repository shall maintain a systematic analysis of security risk factors associated with data, systems, personnel, and physical plant.
5.2.2) The repository shall have implemented controls to adequately address each of the defined security risks.
5.2.3) The repository staff shall have delineated roles, responsibilities, and authorizations related to implementing changes within the system.
5.2.4) The repository shall have suitable written disaster preparedness and recovery plan(s), including at least one off-site backup of all preserved information together with an offsite copy of the recovery plan(s).