TDR 5.0 Infrastructure and Security Risk Management
TDR Section 5 focuses on infrastructure and security risk management for trustworthy digital repositories. It emphasizes the importance of identifying, assessing, and mitigating risks associated with system infrastructure, including hardware, software, and operational procedures. Repositories must maintain technology watches to monitor obsolescence, conduct regular assessments, and have procedures for evaluating and implementing necessary hardware and software changes. Adequate backup functionality, bit corruption detection, and synchronization of multiple copies of digital objects are essential to ensure data integrity. Risk registers, technology assessments, and environmental scans help identify vulnerabilities, while documented procedures for storage media migration and critical process management ensure continued compliance with preservation responsibilities.
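The bit corruption detection and copy synchronization described above can be sketched as a fixity audit. This is an added example, not code from the TDR text or any repository product; the replica labels, file names, and the manifest layout (object name mapped to the SHA-256 recorded at ingest) are assumptions, and all data is constructed.

```python
import hashlib, shutil, tempfile
from pathlib import Path

def digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):  # stream large objects
            h.update(block)
    return h.hexdigest()

def audit(manifest, replicas):
    """manifest: name -> SHA-256 recorded at ingest (the arbiter); replicas: label -> root dir."""
    report = {}
    for name, expected in manifest.items():
        s = {"good": [], "bad": [], "missing": []}
        for label, root in replicas.items():
            p = Path(root) / name
            key = "missing" if not p.is_file() else "good" if digest(p) == expected else "bad"
            s[key].append(label)
        s["status"] = ("ok" if not (s["bad"] or s["missing"])
                       else "repairable" if s["good"] else "unrecoverable")
        report[name] = s
    return report

def resync(manifest, replicas, report):
    """Rewrite bad or missing copies from a verified copy, re-verifying each write."""
    fixed = []
    for name, s in report.items():
        targets = s["bad"] + s["missing"] if s["status"] == "repairable" else []
        for label in targets:
            source, target = Path(replicas[s["good"][0]]) / name, Path(replicas[label]) / name
            shutil.copyfile(source, target)
            if digest(target) != manifest[name]:
                raise OSError(f"re-verification failed: {name} on {label}")
            fixed.append((name, label))
    return fixed

def demo():  # constructed data: three replicas, one corrupted copy, one missing copy
    base = Path(tempfile.mkdtemp())
    objects = {"a.tif": b"image-bytes", "b.xml": b"<meta/>"}
    manifest = {n: hashlib.sha256(d).hexdigest() for n, d in objects.items()}
    replicas = {label: base / label for label in ("onsite", "offsite", "tape")}
    for root in replicas.values():
        root.mkdir()
        for n, d in objects.items():
            (root / n).write_bytes(d)
    (replicas["onsite"] / "a.tif").write_bytes(b"image-bytez")  # simulated bit rot
    (replicas["tape"] / "b.xml").unlink()                       # simulated loss
    before = audit(manifest, replicas)
    return before, resync(manifest, replicas, before), audit(manifest, replicas)
```

An object reported as `unrecoverable` has no copy matching its ingest digest, so synchronization cannot help and the case falls to backup restoration and the risk register.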
The section also highlights the importance of security risk management, including systematic risk analysis, appropriate controls, and staff roles and authorizations. Repositories must implement security measures based on risk assessments, following standards like ISO 27000, and conduct regular evaluations to address emerging threats. Disaster preparedness and recovery plans are crucial, requiring at least one off-site copy of preserved information and the recovery plan itself. Regular testing of these plans ensures readiness to maintain services and protect digital objects during unforeseen events, safeguarding the long-term trustworthiness and accessibility of the repository’s holdings.