Therefore, you are going to need to tackle managing regulatory compliance in the order above. Start with your organization. Once you’ve learned enough about it to navigate your leadership structure, organizational structures, and communication patterns, you can target which Authority Documents pertain to which groups. Then you can build your Authority Document lists and harmonize the controls within them, boiling their mandates down to simple language and de-duplicated common controls. Once you’ve achieved that level of understanding what you must do, you can internalize those mandates as organizational policies, standards, and procedures. Only then can you begin to implement them and stand up and be audited, showing you are compliant.