The frequency of IT services risk profile updates is a metric that measures how often the IT organization assesses and updates the risks associated with its services. This metric is useful to ensure that IT services meet business requirements, as it helps to identify and mitigate potential threats and vulnerabilities that could affect the availability, performance, reliability, and security of the services. A high frequency of IT services risk profile updates indicates that the IT organization is proactive and responsive to changing business needs and expectations. A low frequency of IT services risk profile updates suggests that the IT organization is reactive and complacent, and may not be aware of or prepared for emerging risks that could impact the business. References := Performance Measurement Metrics for IT Governance - ISACA, The 8 IT service management metrics that matter most