There are a few key steps to file integrity monitoring:
Defining a policy: Identifying which files on which systems you need to monitor.
Establishing a baseline: Before you can actively monitor files for changes, you need a reference point against which you can detect changes to critical files. You should, therefore, document a baseline, or a known good state for files that will fall under your FIM policy.
Monitoring changes: Ongoing monitoring of critical files for changes.
Sending an alert: If your FIM detects an unauthorized change to a critical file, it should be configured to send an alert that informs the relevant personnel.
Documenting processes and procedures: To ensure the FIM is implemented and carried out correctly, document the processes and procedures it relies on, including reports of results.
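
The policy, baseline, monitoring and alert steps above can be sketched in a few functions. This is an added example, not code from any particular FIM product; the function names, the JSON baseline format, and the choice of SHA-256 plus permission bits as the tracked attributes are assumptions made for illustration.

```python
import hashlib
import json
import stat
from pathlib import Path


def fingerprint(path):
    """Attributes whose change counts as an integrity event (assumed set)."""
    st = path.lstat()  # lstat: describe a symlink itself, do not follow it
    entry = {"mode": stat.S_IMODE(st.st_mode), "size": st.st_size, "sha256": None}
    if stat.S_ISREG(st.st_mode):  # only regular files get a content hash
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        entry["sha256"] = digest.hexdigest()
    return entry


def snapshot(policy):
    """Policy: list of files or directories to monitor; directories are walked."""
    state = {}
    for root in map(Path, policy):
        paths = [p for p in root.rglob("*") if not p.is_dir()] if root.is_dir() else [root]
        for p in paths:
            if p.exists() or p.is_symlink():
                state[str(p)] = fingerprint(p)
    return state


def save_baseline(policy, baseline_file):
    """Record the known good state that later checks compare against."""
    Path(baseline_file).write_text(json.dumps(snapshot(policy), indent=1, sort_keys=True))


def check(policy, baseline_file):
    """Compare current state with the baseline; returns sorted (event, path) pairs."""
    baseline = json.loads(Path(baseline_file).read_text())
    current = snapshot(policy)
    findings = [("deleted", p) for p in baseline.keys() - current.keys()]
    findings += [("added", p) for p in current.keys() - baseline.keys()]
    for p in baseline.keys() & current.keys():
        if baseline[p]["sha256"] != current[p]["sha256"]:
            findings.append(("content-changed", p))
        elif baseline[p]["mode"] != current[p]["mode"]:
            findings.append(("mode-changed", p))
    return sorted(findings)  # hand these to whatever alerting channel you use
```

Store the baseline file outside the monitored paths, ideally on read-only or remote storage, because anyone able to modify a monitored file and the baseline together can hide the change.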