# Technology Risk Programs Technology risk includes cybersecurity risk, but it is much wider in scope than that. Cybersecurity is about protecting oneself from attack - essentially the equivalent of making sure no one steals your data, and no one gets into your network unauthorized. Technology risk however is more extensive in scope than just cybersecurity. It includes the controls that need to be in place to protect against the entire range of technology failures - from ensuring adequate capacity, to managing against outages, and making sure planned changes go in smoothly. Generally, Technology Risk includes the following programs: 1. Managing policies * Technology risk management framework 2. Managing the control framework * Building and maintaining the control framework * Control self-assessment/testing * Technology risk appetite * Measuring policy compliance * Building a control framework 3. IT governance * Managing risk committees * Managing to and reporting on risk appetite 4. Risk assessments: * Application risk assessments * Infrastructure risk assessments * Process risk assessments 5. Issue Management - including managing policy & control exceptions 6. Disaster recovery and business resilience 7. Identity and access management 8. Third party risk 9. Change management 10. Production control and security incident management 11. Project management risk 12. Legacy hardware and software (EOL) 13. Privacy and compliance program support 14. Emerging risk reviews 15. Employee training and awareness 16. Shadow IT/End user computing 17. Audit management 18. Others: * Hardware and software inventory maintenance * Software license compliance * Emerging risk reviews * Remote workplace infrastructure * IT Inventory maintenance (h/w and s/w) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.swantu.com/technology-risk-programs.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.