> For the complete documentation index, see [llms.txt](https://trustcenter.syntphony.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://trustcenter.syntphony.com/trust-center/security/security-risk-management.md). # Security Risk Management The security risk framework, explained in the Security Risk Management Standard for NTT DATA EMEAL, defines the roles and responsibilities of all actors involved in risk management, as well as describes the various risk approaches and risk governance instances. The steps for systematic risk management such as establishing the context, identifying and evaluating risks, treating risks, communicating, and reviewing are outlined based on the ISO 27005 standard. The approach to security risk management is oriented both to protect work tools and products as well as to ensure business objectives, thus, two security risk dimensions are highlighted: asset-based risk assessment, and operational risk assessment. Risk governing bodies at strategic and operational levels, and the communication and escalation mechanisms for risk owners and committees are also defined. Risk treatment measures are implemented to maintain the risk levels below the established risk appetite set by the Top Management and monitoring actions are carried out to ensure they are completed in due time. The periodicity of assessments is stablished to be, at least, yearly. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://trustcenter.syntphony.com/trust-center/security/security-risk-management.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.