10. Whether there are systems and processes—
(a)for preventing unauthorised access to sensitive records and infrastructure, including those containing member information, financial details or investment information;
(b)for monitoring and recording electronic and physical access to sensitive records and infrastructure;
(c)for ensuring the secure transfer of physical and electronic data and the secure conduct of transactions.