3.4 [DETAILS] Accountability Best Practices

In this section, we present a list of measures, under the form of best practices, corresponding to the control objectives listed in Section 3.3 above. This list is organized by lifecycle phase (cf. Section 3.2). These measures are intended to be pragmatic recommendations, and are not uniform in nature, some representing specific objectives to achieve (e.g. understanding relevant obligations), while others are more action-oriented (e.g. Perform a root cause analysis). The list is neither comprehensive nor prescriptive: there are most often alternative ways to fulfil control objectives, the optimal choice depending on context. This list is best suited for large organisations; an alternative approach for smaller entities is proposed in Section 3.5.