What ability you have to restore the availability and access to personal data in the event of an incident
What are the steps you take to ensure the ongoing confidentiality, integrity, availability and resilience of systems which you use to process personal data
What are the technical and organisational measures you take to ensure the security of any personal data
