In the Business Case and Operations Plan, you can record the following:
- Email related incident events and email volumes
- Organizational and architectural requirements.
- ESG calculated TCO and ROI
- The product/vendor selection process
- ESG deployment roadmap
- ESG supporting policies
- ESG required vendor management
- Email incident recovery plan
This document can be part of your annual audits and as part of your own in-house security portfolio review.