Incorporate all designed controls into a comprehensive Compliance Controls Definition. Create or update the definition to outline the stakeholders, the duration, order of implementation, the resources, the benefits, risks, critical success factors, and pre-requisites. Merge the Compliance Controls Definition and the assessed Compliance Requirements into the Compliance Controls Plan.

The Compliance Controls Definition merges with the Assessed Compliance Requirements to produce the Compliance Plan. The Compliance Plan merges with the Service Management Plans, which is a collection of plans produced by the various individual processes involved in Service Management.

If the Compliance Controls Definition requires an investment or resource reallocation decision, IT Portfolio Management is a key recipient of the Service Management Plans.