Conduct a second-level security categorization for organizational systems with the same impact level.