The Compliance and Audit activity provides the key elements that include:  

• Review existing governance models, structure, and process: Review documentation, capture existing practices, conduct interviews, draw the current landscape, and define the baseline for the engagement activity.  

• Define the targeted level of maturity on the governance level. 

• Perform Gap Analysis: Analyze current organizational governance structures with well-defined industry frameworks, standards, and models – identify opportunities to strengthen existing methods and structures and/or replace them with new and improved methods.  

• Define Governance Operating Model: Identifies governance structure inconsistencies, overlaps, and gaps among governance mechanisms and maps current governance processes and structures.  

• Plan of Action deliverables: Provides a set of deliverables that provide visibility and insights into the engagement activities, current landscape, achievable target state (i.e., desired state to accomplish), prioritized set of actions with milestones, to lead towards the target state to enhance and strengthen the security framework. 

Policy enablement :  

• Enable security policies on key aspects such as Digital identification, Global Security, Information Classification, IoT Security, and Organization Governance to improve security based on the emergence of new threats, new technological trends, and national/international regulatory framework evolution.  

• Ensure that policies are applied on use case and IoT services definition. 

• Collaborate with Microsoft on the definition of Cloud-based Security Control Framework to ensure and ease the sharing, compliance, and application of policies as well as the follow-up of the adoption of those policies by all TASMU ecosystem's stakeholders.