Compliance monitoring
Procedures to ensure compliance with relevant data protection regulations

Acceptance of risks
Justification for accepting any remaining low-level risks

Documentation of this
It serves important purposes
It provides a clear understanding of the organization's risks and allows management to make good decisions about risk mitigation and resource allocation
Facilitating communication and collaboration
Methods can be shared with designated stakeholders
Like upper management
Security teams
IT staff
So that everyone has sufficient knowledge of risk management and treatment

Support ongoing risk management
A baseline plan for monitoring activities and continuous reassessment of risks
By documenting results and assessing risks