As processors, what should we do to get ready and balance the equation of accountability and risk in the establishment of contracts with controllers? Further, what does due care look like in managing operations as a processor to ensure a reasonable chance at compliance?