Hello,
I have read your project description and with the detail provided, am prepared to propose security plan documentation for data security and access control which will be based off of the NIST 800-53 Rev. 5 Cyber Security Framework.
Please be aware that this will merely constitute as the documentation only and it would be up to your organization to implement the actual controls within your day to day operations.
The same templates which will be used to author your specific documentation templates have been previously implemented within several organizations and aided them in acquiring FedRAMP, SOC, and ISO 9001 compliance.
If you have any questions or concerns please feel free to reach out. I look forward to hopefully assisting you with your project.
Best Regards,
Joe Falbo