(b) process to maintain the ongoing confidentiality, integrity, availability and resilience of processing systems and services;</p> <p>(c) written plan to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.