In systematic cyber security work, the impact of significant changes must be assessed in advance and they must be executed in a controlled way. The consequences of unintentional changes must be assessed and efforts made to mitigate possible adverse effects.
Significant changes may include: changes in the organization, operating environment, business processes and data systems. Changes can be identified e.g. through management reviews and other cyber security work.
Security systems are the data systems that are in place to protect the information we have, not so much to process it.
We regularly evaluate the operation of different security systems and the need for new systems.