Hello akhi7486.
Here are some guidelines:
1. What kind of information will you be using for the project? Discuss information classification and handling procedures, non-disclosure agreements,
2. Will you be using 3rd-party providers? Discuss access by 3rd-parties, service level agreements, monitoring of 3rd-party services,
3. What kind of project? Discuss application development if the project requires it.
4. What are the project-related risks? Discuss and perform risk management and how to address risks
Hope the above helps.