Page 47 - CISSO_Prep_ Guide
account. By having a change management process, the
organization has control over changes and can ensure that all
changes have been formally reviewed, approved, tested,
documented, and implemented correctly.
The use of consistently enforced procedures allows for the rapid
detection of any events of non-compliance. A process should be
practical, based on sound business and security requirements,
and not impede the natural flow of business. Outdated or
cumbersome systems will frequently be bypassed, leading to a
loss of credibility for the authority and necessity of the systems
and management processes. Methods must be seen as
mandatory, not just optional ways to implement the intent of the
policy.
Standards
Standards, like procedures, are also used to facilitate compliance
with the policy. A standard for tools, applications, platforms,
and elements used within an organization allows the
organization to control what types of devices and applications
are connected to the corporate network and simplifies the
purchasing, training, maintenance, patching, and configuration
of systems. The use of standards may integrate with licensing
systems that control the number of users and licenses available
for proprietary software. Without having standards, the
maintenance of systems and equipment may be very costly and
challenging. The help desk would need to learn how to support
multiple systems, carry various types of replacement equipment,
and struggle with inconsistency between rules, configurations,
and patch management. The costs of purchasing hardware or
software may also be higher if purchases are not made on a bulk