The organization has dedicated sufficient resources and expertise to the development of digital security as part of the implementation of the organization's strategy.
In addition, a responsible person has been named for digital security, and this theme receives enough attention in the responsible person's job description and time management.