Mechanisms exist to compel data and/or process owners to implement required cybersecurity & data privacy controls for each system, application and/or service under their control.
Does the organization compel data and/or process owners to implement required cybersecurity & data privacy controls for each system, application and/or service under their control?