This document outlines 7 steps for improving a company's compliance program. Step 1 is to conduct an annual risk analysis to identify all threats and assess risks. Step 2 is to update policies at least annually to reflect changes. Step 3 is to continuously monitor systems to ensure accountability. Step 4 is to regularly review mitigating controls as threats evolve. Step 5 is to continuously respond to and remediate new risks discovered through monitoring. Step 6 is to document all program improvements. Step 7 is to continuously update the company's risk profile as new threats emerge. The goal of improving the compliance program is to have a robust, risk-based program through ongoing monitoring, documentation and risk analysis.