— Inventory and Mapping Business Environment Risk Assessment Data Processing Ecosystem Risk Management Governance Policies, Processes, and Procedures Risk Management Strategy Awareness and Training Monitoring and Review Data Processing Policies, Processes, and Procedures Data Processing Management Disassociated Processing Communication Policies, Processes, and Procedures Data Processing Awareness Data Protection Policies, Processes, and Procedures Identity Management, Authentication, and Access Control Data Security Maintenance Protective Technology