5.2.2 -The repository shall have implemented controls to adequately address each of the defined security risks.
This is necessary in order to ensure that controls are in place to meet the security needs of the repository.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Repository employs the codes of practice found in the ISO 27000 series of standards; system control list; risk, threat, or control analyses; and addition of controls based on ongoing risk detection and assessment. Repository maintains ISO 17799 certification.