1. How can the Organization be compliant with these Controls?
A.6.1.3: Contact with Authorities: Does it mean contact with the Superior Authority who is also the supreme body for GDPR?
2. A.6.1.4: Contact with Special Interest Groups: Does having ISACA Memberships of some other Interest Groups are taken into consideration?