Definition of controls and creation of policies in order to address audit findings (e.g. patch management policy, penetration testing policy, third party/cloud assessment procedures and IT desaster recovery)