A company’s application is hosted at a data center. The data center provides security controls for the
infrastructure. The data center provides a report identifying serval vulnerabilities regarding out of date OS
patches. The company recommends the data center assumes the risk associated with the OS vulnerabilities.
Which of the following concepts is being implemented?