1. Business risk assessments,
2. Customer risk assessments,
3. Designing policies and procedures,
4. Quality assurance,
5. Training,
6. Record keeping.