01 Identification of the assets to be protected, and ascertain the threat level those for assets.
02 Determination of the compliance standards, and comparison of the business needs to the standards.
03 Discovery of gaps in regulatory compliance, information security/cybersecurity, and/or physical security.
04 Remediation plan with scope, plan, and budget.
05 Compliance Report Card
06 Detailed report with attachments showing controls, policies, procedures, and methods used to meet compliance standards
07 Gap section detailing each gap/issue, explanation of the threat with each gap, and criticality of each gap listed.
08 Executive Summary detailing gaps and controls
09 Knowledge transfer session for executives and/or practitioners
10 Periodic interim update sessions