A risk register catalogues existing risks, not potential upcoming risks. So that means one has to conduct some sort of risk assessment on your digital assets, is that in the scope of this project? How will the incumbent be provided access to analyze? What are those assets so we know if we have the skills set to analyze those?