Legal and regulatory requirements regarding information/cybersecurity, including privacy obligations, shall be understood and implemented.
Legal and regulatory requirements regarding information/cybersecurity, including privacy obligations, shall be managed.