6. At least once a year, a body must(1) analyze the relevance of the categories of persons identified in the body’s information governance policy adopted under section 105 of the Act respecting health and social services information (chapter R-22.1) and, where applicable, review those categories; and (2) assess the compliance of logging mechanisms, where applicable, and of the register of communications referred to in section 265 of the Act, as well as the effectiveness of the security measures put in place by the body to ensure the protection of the information that the body holds and, where necessary, review the register and those measures.