Address application security and availability requirements in response to identified risks and in line with the organisation’s data classification, information architecture, information security architecture and risk tolerance.