5.1. The Company shall define and implement an assessment and control system necessary to evaluate the implementation of the information security management system, improve the internal audit system, and execute appropriate controls across the Company.