This question is to determine whether there is an official strategy and plan in place to set up, implement and run a cybersecurity strategy (based on Zero Trust) and the accompanying technology, to preemptively reduce risks and improve security.
we have a formal strategy and information security plan which is signed off by management. This plan is in line with business objectives and supported by risk and internal audit (3LoD). Dedicated resources on security are allocated.