Acquiring all of this data will most likely need an organization-vast audit and stakeholders in all aspects of the organization need to be involved with this evaluation. Generally, collection and processing activities occur in departments that aren't Generally associated with info processing. Hence, information mapping is a vital first step https://fismacomplianceinusa.blogspot.com/
