| Implementation of the appropriate technical and organisational measures |
| Assessing the appropriate level of security account |
| Approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42 |
| Ensuring the compliance in activities on behalf the Controller or Processor in context of the regulation |
