The Security Plan includes controls that will be implemented in the future and resources that will be used in the future. Personnel, contractors, equipment, software, and budgetary allocations are examples of resources. A security plan is a written document detailing how a company intends to protect its physical and information technology (IT) assets. Security policies are dynamic documents that are constantly updated and modified as technologies, vulnerabilities, and security requirements evolve. If you have security controls in the planning stage but will not be implemented until later, you should describe them in the section on security planning. If you intend to hire a security administrator or a security engineer and have budgeted for it in the coming fiscal year, indicate this.