2. Second, draw up a detailed evaluation list based on the collected standards and frameworks. The list covers the control items, requirements and indicators to be evaluated, along with the corresponding evaluation methods and standards.
3. Next, determine the evaluation process and time plan: analyze each control item in the list, decide on the evaluation method and technology, and schedule the evaluation so that it covers the whole information security system.
4. Then clarify the responsibilities and tasks of the assessment so that it is properly carried out and supervised. Conduct the assessment according to the list, check whether each control item meets the requirements, and record the assessment results and any problems found.
5. Next, analyze the evaluation results and summarize them in an evaluation report. The report covers the purpose, methods and results of the assessment. Based on the assessment results, make improvement plans and implement information security measures.
6. Finally, monitor and follow up on the implemented improvement measures to ensure that they are effective and continue to improve.