A Security Plan: Management Policies
Risk assessment
Security policy
Implementation plan
Security organization
Access controls
Authentication procedures, including biometrics
Authorization policies, authorization management systems
Security audit