All the company's systems have authentic controls (password, tokens, biometrics, and MAC addresses.
All the company's systems have authorization controls (access control matrices and compatibility tests except ADMA.
All the organization offer training regarding the systems.
All the company's systems have physical access controls (locks, guards and biometric devices.
All the company's systems offers remote access controls (IP packing filtering by border routers and firewalls using access control list, intrusion prevention systems, authentication of dial-in users, wireless access control.
All the company's systems use host and application hardening procedures (firewalls, anti viruses software, disabling unnecessary features, user account management, software design, ...