Risk areaData inventory
ControlEnvironment and release control
Review evidenceArchitecture review
ContextIdentify input fields, call content, transcripts, extracted values, identifiers, sensitive elements, downstream records, and what can be excluded.
