Creation and review processes, procedures, documents, contracts and policies to ensure that organizations are in compliance with legal norms and good practices for information security, cybersecurity, protection of personal data and electronic privacy.