Engage early and know how to identify and manage risk.
Carry out testing and assessments for security.
Follow mandatory policy requirements.
Apply guiding principles and best practice.