Mechanisms exist to ensure that every user accessing a system that processes, stores, or transmits sensitive information is cleared and regularly trained to handle the information in question.
Does the organization ensure that every user accessing a system that processes, stores, or transmits sensitive information is cleared and regularly trained to handle the information in question?