5.2.1 - The repository shall maintain a systematic analysis of security risk factors associated with data, systems, personnel, and physical plant.

Supporting Text

This is necessary to ensure ongoing and uninterrupted service to the designated community.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

Repository employs the codes of practice found in the ISO 27000 series of standards system control list; risk, threat, or control analysis.