A EU official assigned to a mission in the field must implement a cybersecurity protocol for a new high-security digital communication service that will handle sensitive personal data and security operation coordinates. The system will be deployed on a private cloud managed by an external provider. According to the EU's cybersecurity framework and applicable data protection principles, which of the following measures is the most critical and mandatory to ensure the system's security, data integrity, and compliance with the General Data Protection Regulation (GDPR) in an advanced threat context? Assuming the system is subject to the NIS2 Directive and the GDPR.