5. Recommendations > 5.1. Advise and implement effective controls to manage identified risks. Ex. Regular backups. Install antivirus and regular software upgrade. 5.2. Describe the policy you would implement to cover access to the system in dot points. For example, password policy or sharing accounts and installing software on the organization's devices. 5.3. Advise and plan any required trainings or strategies to promote security policy awareness amongst the organisation (refer to slides or online publications). 5.4. Advise if there are any high-risk categories need regular monitoring. For example, staff account monitoring. 5.5. Develop a security plan for one of your identified risks. What staff should/should not do. You can discuss recovery policy. 5.6. Develop a security recovery plan for one of your identified risks. E.g., malware. 5.7. Develop a security maintenance procedure for any identified risks if required? E.g., software patch or backup procedure