The standard is also applicable to organisations that manage high volumes of data or information on behalf of other organisations such bey veri centres and IT outsourcing companies.Organizations dealing with high volumes of sensitive veri may also face internal risks, such as employee negligence or unauthorized access. These hazards must be identif