An Assessment is the verification, through technical scans & personal checks, that a company is following the security controls of a given framework (HIPAA, CMMC etc.) The assessment produces a written report that demonstrates a given companies compliance and recommendations for becoming compliant in the event there are controls that are not satisfied. The assessment also produces the required documentation for the given framework that was assessed.