The following KPI's are:

• Authentication: Correct identification of parties attempting to access systems and protection of systems from unauthorized parties
• Authorization: Mechanism required to authorize users to perform different functions within the systems
• Encryption (data in flight and at rest): All external communications between the application data server and clients to be encrypted
• Data confidentiality: All data must be protectively established, secured and archived
• Compliance: The process to confirm system compliance with the organization's security standards and policies