Security Framework

Implement a security framework to identify and close gaps between an organization’s current cybersecurity status and its target (future) cybersecurity status. Make sure to align to an appropriate regulation (e.g., PCI DSS, HIPAA, SOX, GLBA).
The company is a SMB that provides services to vehicles. I am looking at PCI DSS.
Describe the current cybersecurity environment, such as processes, information, and systems directly involved in the delivery of services. Describe the current risk management practices, threat environment, legal and regulatory requirements, business/mission objectives, and organizational constraints using the framework identified. Include a diagram related to the common workflow of information and decisions at the major levels within the organization. Future Cybersecurity Policy Implementations: Describe the critical cybersecurity needs that should be in place to ensure compliance with the appropriate regulation (e.g., PCI DSS, HIPAA, SOX, GLBA) and then prioritize organizational efforts, business needs, and outcomes.