Mechanisms exist to compel data and/or process owners to operationalize cybersecurity & data privacy practices for each system, application and/or service under their control.
Does the organization compel data and/or process owners to operationalize cybersecurity & data privacy practices for each system, application and/or service under their control?