1- Why are confidentiality, availability, and integrity not considered in the Risk assessment? and how Conformio is addressing them.
2- Why is there no prioritization for actions in RTP? This should be identified based on the risk levels.
we only see a list but it's not based on the risks identified.