This is the first of a series of articles that will drill down on each recommended step in an effort to help those just getting started on or revamping existing policies. Step 1: Creating Roadmaps of Regulatory and/or Contractual Requirements. In order to have a sound compliance or privacy program, one first must know the rules. Creating a map of these requirements will help ensure that organizations are aware of the rules that apply to them and will create a method for showing them how they should comply with each provision. Once the requirements have been identified and included in the map, the next step is to document how the organization complies with each of those provisions. On the roadmap or crosswalk, the organization will want to identify each policy, procedure, communication, training and monitoring activity related to each provision identified to show how they comply. The creation of such a tool gives the organization a baseline to audit and monitor against, helps avoid scrambling to collect documentation when responding to complaints and audit requests and enhances the organization’s ability to identify risk and program maturity progression. This practice can be easily adopted and customized for all organizational models, regardless of size, complexity, industry and scale of business.