Step one is to listen to your business.
Step two is to perform an assesment/audit to identify any vulnerabilities.
Step three is to create a report of above assesments and recomment soluitons.
Once the above have been implemented then we look at policies and procedures to help protect your business.
Then there is the option of ongoing support to help protect your business and it progresses.