Description should include
applicable standards
security policy
certification and accreditation
best practices
data sharing between systems.