This isn't done by auditors; it is done with the databrackets staff to determine the gaps in the process. This provides them pretty particular recommendations of controls they should layout and put into action. Security Policy and Danger ManagementManage firewall and security policy on the unified System for on-premise and https://www.nathanlabsadvisory.com/blog/nathan/maximize-business-trust-and-security-with-hitrust-compliance/