The procedure may involve port scans on servers and firewalls, audits of security fixes, and third-party penetration tests.