It is an integrated process that relies on a set of steps, beginning with identifying gaps and

classifying them according to their seriousness on systems

applications and infrastructure and providing sufficient information to enable

the enterprise to address those gaps and achieve the highest levels of safety.