Educate
Educate and plan so the process is fully understood and transparent
Introduce process. Explain mode. Discuss data privacy. Implement roadmap definitions. Current maturity DDQ.
Design
Design your policy set and enrich processes
Tailored set of policies.
identity of incomplete processes.
Define target maturity.
Resource alignment.
Implement
Implement policies and
procedures
Define asset management.
Develop/enrich processes.
Approve processes.
Finalize procedure.

Introduce
Follow best practices for ongoing, proactive maintenance
Set policy review schedule.
Maintain risk log.
Monitor access log.
Manage access matrix.
Ongoing review of threats.
Validate
Validate set against target maturity model
Recovery procedures.
Define and plan.
Lessons learned.
Evaluate protection technology.
Optimize
Evaluate and optimize against resource pool
Incident reporting.
DRP validation & testing.
Validate recovery procedures.
Review/test roles & responsibilities.