Mechanisms exist to conduct periodic audits of cybersecurity & data protection controls to evaluate conformity with the organization's documented policies, standards and procedures.