Activity: 09.02 - Establish Security And Compliance Requirements
Once the security and compliance requirements are assessed, understood and finalized, the Information Security And Compliance Lead must develop them.
Description

Having understood the contractual obligations committed to and the Group security requirements, the Information Security And Compliance Lead must now build on these requirements.

To start with, the technical requirements need to be developed. This should typically include developing details for access management, network security requirements, data security requirements, etc., as understood during scope assessment. The overall compliance requirements are established here.

The Information Security And Compliance Lead must also understand and establish the audit and compliance requirements of the customer. In addition, the customer may have requirements for the engagement personnel to be trained on the security standards and framework. The Information Security And Compliance Lead must understand the details of these requirements and develop an Information Security Training Plan in line with the requirements.

A few of these requirements may need to be implemented through other streams. Once the requirements are established, the Information Security And Compliance Lead must collaborate with other stream leads to communicate the security requirements to them.