The enforcer component is there to enforce statutory or regulatory expectations, to monitor or audit, to advise or provide standards, certification or best practice. As such, the enforcers would include the police and security agencies, the regulators, some parts of government, etc. In fact, it encompasses any organisation that provides enforcement or controls, to the [[consumer|consumers]] and the [[producer|producers]]. Like the consumers and producers, an enforcer will use security products and services for protection, but it may produce or provide products or services.
The enforcers can be typically considered as the government or their proxies, such as the regulatory bodies, and they can be national or international. We have mentioned some of these previously in the context of the UK, such as the [[National Cyber Security Centre]] (NCSC), which has an advisory or directive role, the [[Information Commissioner’s Office]] (ICO), and an organisation may be certified against the [[ISO]]’s [[ISO 27001]] standard, for example.