5-Do you respond to the threats and vulnerabilities identified in your SRA?