# Risk management FAQ

This page list frequently asked questions on risk management.

Dialogues
- Do you participate in risk assessment meetings?
- Can we propose security or privacy improvements?
Risk assessments
- Do you have standardized text that we can use?
- Can we review your internal risk assessments?
Documentation
- Do you have additional security documentation?
- Which clock synchronization do you apply?

TIP

This section prosper on questions. Contact us with your burning topics so we can grow the page together.

# Dialogues

# Do you participate in risk assessment meetings?

Yes. We prioritize risk assessment meetings with data controllers to assist with information and clarifications. For DPIAs and RARs in data spaces and labs, we will be able to respond quicker if we can comment on written drafts.

# Can we propose security or privacy improvements?

Yes! As science develop, so do our need to evolve environments that give your scientists the "freedom to explore". We are truly appreciative for all suggestions on how to improve our security and/or privacy controls. Such dialogues may both focus on the "freedom"-side of things (proposing relaxation of measures) or focus on the "control"-side of things (proposing restriction of features). Please contact us with your suggestions.

# Risk assessments

# Do you have standardized text that we can use?

No. You will need to make your own assessment of risks that you find relevant in your specific scientific context. When that is said, we are happy to share and discuss potential scenarios, threats and assessments.

# Can we review your internal risk assessments?

Yes. We share our internal Risk Assessment Report (RAR) with data controllers on request. This is a summary of our current risk evaluation of organizational environments, technical environments and services environments. Data controllers are also welcome to see our full risk management assessments under some conditions. Contact us for such arrangements.

# Documentation

# Do you have additional security documentation?

Yes. We hold an extensive collection of security documentation that is not available on these pages. These are available for data controllers on requests under some conditions. Contact us if you need additional information for your assessments.

# Which clock synchronization do you apply?

We use the European NTP pool (opens new window) for clock synchronization on our underlying infrastructure.

Details on the pool zone

We use the following pool zones for clock synchronization:

0.europe.pool.ntp.org
1.europe.pool.ntp.org
2.europe.pool.ntp.org
3.europe.pool.ntp.org

← Resources Introduction →