As part of the Agency’s internal control framework, a specific IT risk management framework has been established to provide assurance that IT-related risks, including cyber risk, are identified, managed and monitored. A defence-in-depth cyber security strategy has been implemented to assist in identifying, managing, and monitoring the cybersecurity landscape, threats, technologies and controls.