5.2.2 - The repository shall have implemented controls to adequately address each of the defined security risks.
A summary of our practices in relation to our objectives, commitments, and context. May include:
- Standards met or industry best practices employed, and their applicability to Scholars Portal; certifications achieved or audits undertaken if applicable
- Differences from standards or best practices and our rationale for those differences if applicable
- Parties involved in the creation of the document if applicable
The complete text of the SOMETHING is available through the link below. The SOMETHING fulfills all or part of this criteria by describing SOMETHING, SOMETHING, and SOMETHING. (repeat for all documents linked)
Numerous personnel are responsible for the design, implementation, and monitoring of security and risk controls. In general, the Digital Preservation Policy Librarian is the repository's main point-of-contact for risk management.
The chief risks associated with security controls are (1) failure to employ controls that address the full scope and scale of the threat and (2) failure to review and update controls in a timely manner. To manage the first risk, Scholars Portal conducts a thorough analysis of individual threats in order to design controls that address their full scope and scale. Please see TRAC 5.2.1 for more information. To manage the second risk, the repository has monitoring commitments in place (see next item).
Scholars Portal will assess its Risk Analysis and Management Strategies document on a regular basis, according to the Review Cycle for Documentation Policy, or whenever there are major changes to its operating environment such as hardware refreshment, staffing changes, or cyber attack. Reassessment will in some cases lead to closer scrutiny and evaluation of individual security controls.