3) Privacy—personal information about customers, employees, suppliers, or business partners is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure.
5) Availability—the system and its information are available to meet operational and contractual obligations.