The outline is quite simple, the implementation can be quite complex:

1. understand your organization so that they can communicate what they need to comply with to you;

2. find, and then understand the Authority Documents your organization must comply with;

3. internalize your compliance requirements in the form of policies, standards, and procedures; and then

4. implement and audit those policies, standards, and procedures you've put into place.

The next section in this guide is about understanding organizational structures. That's where you have to start. If you don't understand your organization, you won't be able to communicate with them and they won't be able to tell you what they need to comply with.