A written assessment of our current state, including systems and storage (on premise and in cloud), networks, controls, procedures, policies, training, audits and personnel and any other information about our current state that is appropriate to include. A written report of what additions and changes to our current state would be required to achieve our desired future state. This report should include: New or modified IT systems, tools and services, and estimated costs. Personnel necessary for legal, compliance and any other areas identified, and estimated salaries. Controls and policies that would need to be changed, as well as new controls, procedures, and policies that would need to be added as well as estimated time required. New or modified training programs needed for compliance, as well as suggestions for staffing levels and estimated salaries needed to support the program. Description of regular audits and assessments that are necessary to maintain compliance and estimated costs. Overall one-time and recurring estimated costs to achieve the future state.
