The University of SydneyPage 48SSE-CMM Architecture Description–Capability Level 2 –Repeatable–Have a defined security policy and procedure–The same procedure is followed project after project–Process areas covered include Security Planning, Security Risk Analysis, Assurance Identification, Security Engineering, and Security RequirementsSecurityEngineeringPracticesIndividual Projects