- Task 1: - Identify the organizations purpose, scope, and risk profile. - Task 2: - Idenitify policies, procedures, and strategic plans. - Task 3: - Identify the implemented controls that support the purpose, scope, and risk profile. - Task 4: - Document the implemented controls. - Task 5: - Review and periodically update the documentation of implemented controls. In other words - Identify, Select, Test, and Review.