Entity maintains a list of legal, statutory, and regulatory requirements relevant to information security
