If you mean in terms of the networks themselves, that type of risk assessment is typically conducted by the industry department, which would audit certain technical practices. It has the ESWG committee, where industry and ISED representatives work together to address those types of issues.
On July 25th, 2022. See this statement in context.