I don't for has provided a continual Improvement model to give stakeholders some guidance and how to make improvements. Some people look at this as project planning, but it's a great template to use. If you don't know how to get started and you want to know the actual steps to going about making improvements. Well, there's seven steps, you want to start with, what is the vision of the organization, what is the business mission goals and objectives? This is very important to make sure you understand what the business does as a whole. So that whatever changes we're making, it's still in alignment with the overall objectives of the enterprise as a whole. The second step to making improvements is assessing where you are today. Taking a snapshot, observing the environment, measuring how bad are things, how weak are things performing. Identifying a baseline, it's like a starting point because you can't change your environment or improve it. Unless you take some type of before and after measurement, the third activity in the continual improvement model is where do we want to be? This is defining targets, measurable targets, where do we want to go? So let's say we're trying to improve the Service Desk and every call is taking 20 minutes, but we would like every call to take 5 minutes. You definitely want to be able to quantify whatever it is you're trying to improve. The fourth step is how do we get there, well, this is where you use idle. This is where you log your continual improvement, register recommendations. This is where you define a plan, this is where you log what your requirements are. Your timeframes and the people involved that are going to actually carry out the improvement. The fifth step is actually taking action and you execute according to those defined plans. Everything we do should be logged so we can link back to what the original requirement was. The sixth step and the model is did we get there, so this is the post snapshot after we made a change. We go back and evaluate and take another measurement or key performance indicator, KPI, did we meet our original goal or our target. The seventh and final step which we will do ongoing is every single year annually. Or quarterly however often you choose, you may want to go back and see, did that improvement hold up? Have we embedded this action and this activity into the enterprise as a whole? Are people actually following this new change that we made, so, we want to go back and take an assessment periodically. Most organizations have some type of security policy, security team or security plan. And there's different types of security, there's physical security, personnel security. Network security, but purposes of the idle for exam, we're talking about information security. That's protecting data and information, specifically and we know that data and information is used by the organization, so it cannot be corrupt. It cannot be suspect to viruses, so the key thing here when looking at security management is protecting. So protecting data can be done by having a policy, but the policy needs to be enforced. Someone needs to do the checks and balances, it is great to have a dedicated security team. But you want to have your own methods in which you manage breaches, violations and incident. Security is part of risk management, you need to identify if the staff is who they say they are when they are asking for additional access. You may deal with contractors or guests or a consultant and if that contract is over you want to make sure that you deactivate their account. You want to make sure that data is clean from people that don't need access. That the data has integrity, and it's cleaned from viruses, and it's available when people need access to the data. So security management has controls involved with it, it has a team dedicated to making sure that if you have a policy. That we can also prevent any breaches, any violations, we can detect using some type of tools. And we have corrective actions that we can resolve and mitigate in a related security incident that affect information and data that we use. The purpose of the relationship management practice is really to nurture the relationships. Between various stakeholders and various levels within the organization. So for test purposes, we're going to be concentrating on those senior business executives at the strategic planning level. And those managers at tactical levels as well, the IT department or the service provider. Really needs to take advantage of managing relationships between managers at these two levels. So please make sure you note this for the exam, relationship management is being aware of who makes decisions. Who are the sponsors, who are the critical stakeholders and making sure that they are satisfied. You really want to pay attention to what their needs and priorities are, some managers are really concerned with IT. Some managers are really concerned with budget and people, you want to know which issues are more important to different managers by having some type of liaison. This liaison can be called the relationship manager or the business relationship manager. Their job is to mitigate any complaints and conflicting requirements between various types of stakeholders.