Multiple choice1 / 15
An organization implements structured sets of controls primarily to manage IT and security risk consistently and demonstrate due care. Which statement correctly characterizes the legal status of such frameworks relative to regulations?