Every Data Partner has assessed the data governance risk of taking part in CO-CONNECT. The process used varies based on the data held. As a minimum every organisation has undertaken a data protection risk assessment. Many have undertaken a full data protection impact assessment given the scale of data they hold. Security risk assessments have been undertaken on the software, especially by the Trusted Research Environments to ensure the software does not undermine their security and consistent with their normal processes for assessing software.