It is an integrated process that relies on a set of steps, beginning with identifying gaps and classifying them according to their seriousness on systems, applications and infrastructure and providing sufficient information to enable the enterprise to address those gaps and achieve the highest levels of safety.