M1. The Responsible Entity shall make available its Cyber Security Incident response plan as indicated in Requirement R1 and documentation of the review, updating, and testing of the plan.
M2. The Responsible Entity shall make available all documentation as specified in Requirement R2.